Phishing Email From Malicious Cyber Actor Hitting COVID-19 Loan Relief Site
Screenshot of the webpage arrived at by clicking on the malicious hyperlink
Sonora, CA – The U.S. Department of Homeland Security is putting out an alert regarding a phishing email related to the federal Small Business Administration (SBA) and its COVID-19 loan relief webpage.
The Cybersecurity and Infrastructure Security Agency (CISA) discloses that it is currently tracking the unknown malicious cyber actor “spoofing” the SBA website. The email includes a malicious link to a fake page with the goal of “re-directs and credential-stealing,” according to federal officials. They provided these technical details on the email:
- A subject line, SBA Application – Review and Proceed
- A sender, marked as disastercustomerservice@sba[.]gov
- Text in the email body urging the recipient to click on a hyperlink to address:
- The domain resolves to IP address: 162.214.104[.]246
The agency also offers practices that small business owners and organizations can implement to strengthen their system’s security. Tuolumne County’s Economic Development Director Cole Przybyla encourages sharing this phishing email alert with others and using the mitigating methods recommended. The alert can be viewed here.