CISA Release Date: August 12, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.
CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:
- Subject line: SBA Application – Review and Proceed
- Sender: Email sender will be marked as firstname.lastname@example.org
- Body: Text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting.com.br/gov/covid19relief/sba.gov
Below is a screenshot of the webpage arrived at by clicking on the hyperlink.