Emails that appear to be from the Small Business Administration are being sent to business owners, CEOs and CFOs, enticing them to download malware and hand over personal banking information
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 relief webpage via phishing emails. These emails include a malicious link to a fake page used for malicious re-directs and credential stealing. CISA provides technical information in this article.
This article shares information about scammers using particularly sophisticated phishing attacks to divert coronavirus relief funding from struggling Americans and companies.
Be wary of clicking on links or opening attachments in unsolicited emails. This article provides a few steps you should take to authenticate an email especially if there is a call to action. Examples of calls to action are emails that are asking you to click on a links, open attachments, type in a username/password, call a phone number. When in doubt, delete the email.