SBA warning on Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.
CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:
A subject line, SBA Application – Review and Proceed
The domain resolves to IP address: 162.214.104[.]246
Figure 1 is a screenshot of the webpage arrived at by clicking on the hyperlink.
Figure 1: Webpage arrived at via malicious hyperlink.
CISA recommends using the following best practices to strengthen the security posture of an organization’s systems. System owners and administrators should review any configuration change prior to implementation to avoid unwanted impacts.
· Include warning banners for all emails external to the organization.