Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing

August 13, 2020 The Village Bank

CISA Release Date: August 12, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

Technical Details

CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

Subject line: SBA Application – Review and Proceed
Sender: Email sender will be marked as disastercustomerservice@sba.gov
Body: Text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting.com.br/gov/covid19relief/sba.gov

Below is a screenshot of the webpage arrived at by clicking on the hyperlink.

Click here to read the full alert.

You are now leaving The Village Bank

Weblinks – By clicking the link to an outside URL, you will enter a web site created, operated and maintained by a private business or organization. The Village Bank provides this link as a service to our website visitors. We are not responsible for the content, views, or privacy policies of this site. We take no responsibility for any products or services offered by this site, nor do we endorse or sponsor the information it contains. Village Bank is not responsible for the accessibility of this link. Email – Email is not secure. Time-sensitive requests or private information, such as account numbers, should not be sent via email.

You will be redirected to

Click the link above to continue or CANCEL