The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) says it’s tracking an unknown cyber actor sending phishing emails and pretending to be the Small Business Administration’s coronavirus relief loan website. “These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious redirects and credential stealing,” the agency said.
The phishing emails consist of the subject line “SBA Application – Review and Proceed,” with [email protected] as the sender. To prevent this scam from impacting businesses, CISA recommends that business system owners and administrators take multiple steps to increase cybersecurity, including enforcing a strong password policy, using up-to-date antivirus software, and scanning for suspicious email attachments. 8/13/2020