Skip to main content
  • Careers
  • Contact Us
Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages

SBA COVID-19 Loan Relief Webpage Being Spoofed

August 18, 2020

The U. S. Small Business Administration warns loan applicants to beware of email phishing scams.

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

CISA analysts observed an unknown malicious cyber actor sending a phishing email to various federal, civilian, Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

  • A subject line, SBA Application – Review and Proceed
  • A sender, marked as disastercustomerservice@sba[.]gov
  • Text in the email body urging the recipient to click on a hyperlink to address:
    hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
  • The domain resolves to IP address: 162.214.104[.]246
This is what the webpage you’re redirected to looks like.

The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan Program asking them to verify their accounts using a third-party online platform to collect personally identifiable information.

It should be noted that any email communication from the SBA will come from email accounts ending in sba.gov, and nothing more. Loan applicants are being advised to look out for email scams and phishing attacks using the SBA logo. These may be attempts to obtain PII, access personal banking accounts, or install ransomware or malware.

Applicants are also advised to help protect their identity and privacy by never providing their full name, date of birth, social security number, address, phone numbers, email addresses, case numbers, or any other PII in public-facing comments or responses to third-party emails.

Additionally, federal agencies that provide disaster recovery assistance will never ask for a fee or payment to apply for financial assistance, and government employees do not charge for any recovery assistance provided.

If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at 800-767-0385 or online at https://www.sba.gov/COVIDfraudalert.

And always remember the golden rule: If it looks “phishy,” don’t click.

Since it’s clear that COVID-19 scams aren’t going anywhere, let’s do a recap of online financial safety best practices:

  • Don’t click on links from sources you don’t know. It could download a virus onto your computer or device. Make sure the anti-malware and anti-virus software on your computer is up to date.
  • Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
  • Ignore online offers for vaccinations. If you see ads touting prevention, treatment, or cure claims for the Coronavirus, ask yourself: if there’s been a medical breakthrough, would you be hearing about it for the first time through an ad or sales pitch?
  • Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
  • Be alert to “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value as a result.