The U.S. Department of Homeland Security (DHS) is warning businesses about a specific cybercriminal(s) posing as the Small Business Administration to get access to businesses’ disaster loan credentials.
According to Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the emails contain a subject line that reads, “SBA Application – Review and Proceed” from a sender marked as firstname.lastname@example.org.
“(CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails,” CISA wrote in an alert published Wednesday. “These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.”
The malicious email directs the recipient to click on a link that sends them to a fake login page for SBA’s Economic Disaster Loan Portal, with the hackers then able to steal the individual’s login credentials for the real page, according to The Hill.
CISA recommends businesses maintain best practices for cybersecurity, such as using banners to warn of external emails, enforcing a strong password policy, and maintaining situational awareness of the latest threats.
Additionally, businesses can sign up for CISA’s free vulnerability scanning and testing services to help organizations secure internet-facing systems from weak configuration and known vulnerabilities.