The US Small Business Administration (SBA) does the important work of supporting small businesses in the US. They provide a lot of resources, but none more important than small business loans. And with the onset of COVID-19, the organization has come up with unprecedented emergency financial relief options for small businesses. And of course, with that much money being made available, it was only a matter of time before hackers tried to get their hands on it.
What has transpired is a never-ending siege of phishing attacks targeted at the SBA and the small businesses that use it. According to a study by Malwarebytes, “The phishing emails impersonate the US Small Business Administration (SBA), and are aimed at delivering malware, stealing user credentials or committing financial fraud. In each of these campaigns, criminals are spoofing the sender’s email so that it looks like the official SBA’s. This technique is very common and unfortunately often misunderstood, resulting in many successful scams.”
The attacks have come in three waves according to Tech Republic. “April saw the first round of coronavirus-related attacks designed to deploy malware. The emails used the SBA logo and branding and prompted recipients to complete a grant for small business disaster assistance.”
“Following the April campaign, the second wave of phishing emails appeared, complete with SBA logos and branding and claiming to be from the SBA’s Office of Disaster Assistance. Promising that the recipient’s SBA application has been approved, the message invited them to click a button to review the funding process.”
“Spotted by Malwarebytes in early August, the third wave of phishing emails ask the recipient to fill out an attached form for disaster loan assistance. The user is prompted to provide both personal and financial information, specifically bank account details. As with the other campaigns, this one uses SBA branding and sender addresses that seem to come from the agency.”
Things have gotten so bad, “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts,” according to Bleeping Computer.
The one thing that most of these small businesses have in common is very poor cyber defenses to combat this onslaught of phishing attacks. Most business owners are so distracted, it’s not surprising that they don’t spot the phishing emails. And even though they probably don’t think it’s important, perhaps the best thing these small business owners can do right now is to deploy Phishing Protection software from DuoCircle.
What would keep these small business owners from deploying email security? Time and money. They probably think it takes a long time and costs a lot. And that’s the beauty of Phishing Protection. It sets up in 10 minutes and only costs pennies per employee per month.
It’s hard to get a small business owner’s attention now, especially when they’re scrambling to find money just to stay afloat. But if there was ever a reason to take a small amount of time and make a small investment in the future of their business, Phishing Protection is it. If you’re a small business owner, or you know one, tell them about Phishing Protection. And also tell them they can try it free for 60 days. That ought to help.