ALERT: Malicious Cyber Actor Spoofing COVID-19 SBA Loan Website via Phishing Emails

08.13.2020

 

Staff Contribution

 

Summary
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

 

Technical Details
CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

A subject line, SBA Application – Review and Proceed

A sender, marked as disastercustomerservice@sba[.]gov

Text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov

The domain resolves to IP address: 162.214.104[.]246

 

For more information about the attack please click here.