Open Icon Key

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

Compliance Basics
in Compliance Basics

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

Technical Details

CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

  • A subject line, SBA Application – Review and Proceed
  • A sender, marked as disastercustomerservice@sba[.]gov
  • Text in the email body urging the recipient to click on a hyperlink to address:
  • hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
  • The domain resolves to IP address: 162.214.104[.]246

Below is a screenshot of the webpage arrived at by clicking on the hyperlink in the email.

It's a Scam!

 

Read the full alert including Mitigation recommendations here.

Close