24 Aug 2020 Cybercriminals and SBA Loans
Cybercriminals have had a field day with COVID-19. Many have used the outbreak as a lure, themeing malware and phishing around the virus and spoofing the organizations involved in relief efforts, whether medical or financial.
The US Small Business Administration (SBA) has been offering loans to businesses and other groups affected by the pandemic, which has made the agency a new target for impersonation in phishing attacks. Below is information on some of the different phishing campaigns.
First method of attack
In April there was a round of Coronavirus-related attacks designed to deploy malware. Phishing emails were found carrying malicious attachments with names such as “SBA_Disaster_Application_Confirmation_Documents_COVID_Relief.img.” The .img extension is a disk image, which modern versions of Windows mount with a double-click, so the “document” opens as a drive containing the real payload. The emails used SBA logos and branding and prompted recipients to apply for a grant for small business disaster assistance. One piece of malware hidden in the attached files was “GuLoader,” a downloader that fetches a second-stage payload of the attacker’s choice while attempting to evade antivirus detection.
Second method of attack
A second wave of phishing emails appeared later, again complete with SBA logos and branding. This email claimed the recipient’s SBA application had been approved and invited them to click a button to review the funding process. The link behind that button led to a phishing page that harvests account credentials for later fraud. The tip-off is the URL shown when you hover over the button: the address has no connection with the SBA.
Third method of attack
In early August, a third campaign of phishing emails asked the recipient to fill out an attached form for disaster loan assistance. The form prompts the user to provide both personal and financial information, specifically bank account details. Again, the emails carry SBA branding and the sender address appears to belong to the agency. However, the domain hosting the phishing page clearly is not a government (.gov) domain.
Looking deeper into these emails can reveal clues to their legitimacy, or lack thereof. Depending on your email provider, you can usually view the full header information for a message. The Received chain shows which mail servers the message actually passed through, the Return-Path shows where bounces would go, and the Authentication-Results header records whether SPF, DKIM and DMARC checks passed for the claimed sender domain.
Beware of the sender’s address. Perhaps the biggest takeaway is that the visible sender address can easily be spoofed and is in no way a solid guarantee, even if it matches the agency’s domain exactly.
Double-check any suspicious email by phoning the organization at a number you look up independently. Never dial a number found in the email itself or left on a voice mail, as it could be fake.
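The header, link and attachment checks described above can be automated for a quick triage pass. The following is an added example, not code from the original article, and the message it analyzes is a constructed sample: the relay host, the lookalike link domain and the IP address are made up, and the attachment name mirrors the one mentioned earlier. It assumes that sba.gov is the only domain the genuine agency would use for mail and links.

```python
"""Triage of an SBA-themed phishing email: header, link and attachment checks."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the genuine agency only uses sba.gov.
TRUSTED_DOMAINS = {"sba.gov"}
# Attachment types that mount or execute on double-click (.img/.iso are disk images).
RISKY_EXTENSIONS = {".img", ".iso", ".exe", ".js", ".lnk", ".vbs"}

# Constructed sample message, not a real capture. Hosts and addresses are made up.
SAMPLE_EML = """\
Return-Path: <bounce@sba-relief-portal.example>
Received: from mail.sba-relief-portal.example (mail.sba-relief-portal.example [203.0.113.9])
 by mx.victim.example with ESMTP id abc123; Mon, 24 Aug 2020 09:00:00 +0000
Received: from [10.0.0.5] by mail.sba-relief-portal.example; Mon, 24 Aug 2020 08:59:00 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=sba-relief-portal.example; dkim=none; dmarc=fail header.from=sba.gov
From: "SBA Disaster Assistance" <disastercustomerservice@sba.gov>
To: owner@victim.example
Subject: Your SBA Disaster Loan Application Has Been Approved
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your application has been approved.</p>
<a href="https://sba.gov.secure-funding.example/review">Review Funding Process</a>
</body></html>
--b1
Content-Type: application/octet-stream; name="SBA_Disaster_Application_Confirmation_Documents_COVID_Relief.img"
Content-Disposition: attachment; filename="SBA_Disaster_Application_Confirmation_Documents_COVID_Relief.img"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""


def domain_of(addr: str) -> str:
    """Lowercased domain part of an address header value ('' if absent)."""
    _, address = parseaddr(addr or "")
    return address.rpartition("@")[2].lower()


def is_trusted_host(host: str) -> bool:
    """True only for a trusted domain or a genuine subdomain of it.

    'sba.gov.secure-funding.example' fails: the check is on the suffix, so a
    trusted name placed at the front of a lookalike host does not pass."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def extract_links(msg: EmailMessage) -> list:
    """Collect href targets from every text/html part of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links += re.findall(r'href="([^"]+)"', part.get_content(), flags=re.I)
    return links


def triage(raw: str) -> dict:
    """Run the header, link and attachment checks and return the findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Visible From vs. envelope Return-Path: spoofed mail often disagrees.
    from_dom = domain_of(str(msg["From"] or ""))
    rp_dom = domain_of(str(msg["Return-Path"] or ""))
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")

    # 2. SPF/DKIM/DMARC results recorded by the receiving server.
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech} result is {m.group(1)}")

    # 3. The Received chain is the path the message actually took.
    hops = [re.search(r"from\s+(\S+)", str(r)) for r in msg.get_all("Received", [])]
    relays = [h.group(1) for h in hops if h]
    if not any(is_trusted_host(h) for h in relays):
        findings.append(f"no relay in the Received chain belongs to {sorted(TRUSTED_DOMAINS)}: {relays}")

    # 4. Where the buttons and links really point.
    for url in extract_links(msg):
        host = urlparse(url).hostname or ""
        if not is_trusted_host(host):
            findings.append(f"link points to untrusted host {host}")

    # 5. Attachments that mount or execute rather than open as documents.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} is a mountable/executable type ({ext})")

    return {"from_domain": from_dom, "relays": relays,
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for line in triage(SAMPLE_EML)["findings"]:
        print("-", line)
```

On the sample, every check fires: the Return-Path and authentication results contradict the sba.gov From address, no relay in the Received chain is an SBA server, the button link resolves to a lookalike host, and the attachment is a disk image. A message that passes all five checks is not proven genuine, only free of the obvious tells; the phone-call verification above still applies.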