SBA Spoofing Scams


The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

The phishing email contains:

  • A subject line, SBA Application – Review and Proceed
  • A sender, marked as disastercustomerservice@sba[.]gov
  • Text in the email body urging the recipient to click on a hyperlink that leads to hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
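The link in this email carries `sba.gov` only in its path, while the host is a different domain. The following check is an added example, not part of the CISA alert: it classifies each link in a message by its parsed host rather than by whether `sba.gov` appears somewhere in the URL. The function names, the sample message and the `example.net`/`example.org` URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "sba.gov"  # domain the alert names for genuine SBA mail and web content

# Matches normal and defanged (hxxp) URLs in a message body.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s<>\"']+", re.IGNORECASE)

def _refang(url):
    """Undo defanging (hxxp, [.]) so the URL can be parsed; it is never fetched."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE).replace("[.]", ".")

def host_is_trusted(host):
    """True only for sba.gov itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def classify_link(url):
    """Return 'trusted-host', 'lookalike' or 'other' for one URL."""
    parts = urlsplit(_refang(url))
    if host_is_trusted(parts.hostname or ""):
        return "trusted-host"
    # The trusted name shows up outside the real host position:
    # in the path, the query, the userinfo or as a leading label.
    rest = (parts.netloc + parts.path + "?" + parts.query).lower()
    return "lookalike" if TRUSTED in rest else "other"

def scan_email(body):
    """Return the links, as written, that only imitate the trusted domain."""
    links = [m.rstrip(".,;)") for m in URL_RE.findall(body)]
    return [u for u in links if classify_link(u) == "lookalike"]

# Constructed sample message built from the indicators listed in the alert.
SAMPLE_EMAIL = """Subject: SBA Application – Review and Proceed
From: disastercustomerservice@sba[.]gov

Review your application: hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
Program details: https://www.sba.gov/
"""

if __name__ == "__main__":
    for link in scan_email(SAMPLE_EMAIL):
        print("lookalike link:", link)
```
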

In addition to this specific phishing email, some additional scam and fraud schemes can be found below:

Grants
The SBA does not initiate contact on either 7a or Disaster loans or grants.  If you are proactively contacted by someone claiming to be from the SBA, suspect fraud.

Loans
If you are contacted by someone who promises to get an SBA loan approved but requires any payment up front or offers a high-interest bridge loan in the interim, suspect fraud.

Phishing
If you are in the process of applying for an SBA loan and receive email correspondence asking for personally identifiable information (PII), ensure that the referenced application number is consistent with the actual application number.

Look out for phishing attacks/scams utilizing the SBA logo. These may be attempts to obtain your personally identifiable information (PII) in order to gain personal banking access, or to install ransomware/malware on your computer.

Any email communication from SBA will come from accounts ending with “sba.gov”.

The presence of an SBA logo on a webpage does not guarantee the information is accurate or endorsed by SBA.  Please cross-reference any information you receive with information available at www.sba.gov.