Wednesday, August 19, 2020
The Department of Homeland Security’s cyber agency warned in early August that a “malicious cyber actor” is targeting a Small Business Administration (SBA) webpage used to funnel loans to businesses during the COVID-19 pandemic.
“The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails,” CISA wrote in a recent alert. “These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.”
CISA noted that the emails are being sent to “various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients” under the subject line of “SBA Application—Review and Proceed,” with the sender using an SBA email address.
The malicious email directs the individual to click on a link that sends them to a fake login page for SBA’s Economic Disaster Loan Portal, with the hackers then able to steal the individual’s login credentials for the real page.
In order to prevent this scam from impacting businesses, CISA recommends that business system owners and administrators take multiple steps to increase cybersecurity, including enforcing a strong password policy, using up-to-date antivirus software, and scanning for “suspicious” email attachments.
It is noted that malicious cyber activity has spiked during the pandemic, and coronavirus stimulus funds have been a major target of hackers trying to cash in on federal funds meant for businesses.
The CARES Act coronavirus stimulus package, signed into law by President Trump in March, included $650 million in loans for businesses with under 500 employees as part of the SBA’s Paycheck Protection Program.
Stimulus checks were also sent to certain individuals, with these payments also becoming a target of malicious actors.
SOURCE: The Weekly Propane Newsletter, August 20, 2020. Weekly Propane Newsletter subscribers receive all the latest posted and spot prices from major terminals and refineries around the U.S. delivered to inboxes every week. Receive a center spread of posted prices with hundreds of postings updated each week, along with market analysis, insightful commentary, and much more not found elsewhere.
“The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails,” CISA wrote in a recent alert. “These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.”
CISA noted that the emails are being sent to “various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients” under the subject line of “SBA Application—Review and Proceed,” with the sender using an SBA email address.
The malicious email directs the individual to click on a link that sends them to a fake login page for SBA’s Economic Disaster Loan Portal, with the hackers then able to steal the individual’s login credentials for the real page.
In order to prevent this scam from impacting businesses, CISA recommends that business system owners and administrators take multiple steps to increase cybersecurity, including enforcing a strong password policy, using up-to-date antivirus software, and scanning for “suspicious” email attachments.
It is noted that malicious cyber activity has spiked during the pandemic, and coronavirus stimulus funds have been a major target of hackers trying to cash in on federal funds meant for businesses.
The CARES Act coronavirus stimulus package, signed into law by President Trump in March, included $650 million in loans for businesses with under 500 employees as part of the SBA’s Paycheck Protection Program.
Stimulus checks were also sent to certain individuals, with these payments also becoming a target of malicious actors.
SOURCE: The Weekly Propane Newsletter, August 20, 2020. Weekly Propane Newsletter subscribers receive all the latest posted and spot prices from major terminals and refineries around the U.S. delivered to inboxes every week. Receive a center spread of posted prices with hundreds of postings updated each week, along with market analysis, insightful commentary, and much more not found elsewhere.
