Why Phishing Resistance Training Matters: Defending Against the New SBA COVID-19 Relief Phishing Scam
With an increase of more than 600% since the start of the global pandemic, phishing is the most common (and dangerous) threat of 2020. But not all phishing and spear phishing scams are built the same. Clever cybercriminals know they need to go the extra mile to try to pull off major scams with major paydays – and major consequences. Enter the new SBA COVID-19 relief phishing scam.
In a Cybersecurity & Infrastructure Security Agency (CISA) warning that released on 8/12/20, the agency noted that it is “currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.”
A clever and dangerous new scam preys on businesses
So far, investigators have determined that the bad actors have kicked off their cybercrime spree by sending a phishing email to Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients.
Here’s the structure of the scam:
- A highly convincing phishing email hooks the user
- The subject line, SBA Application – Review and Proceed, looks legitimate
- The sender is marked as disastercustomerservice@sba[.]gov
- Text inside urges the recipient to click on a hyperlink to address:
hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov - The domain resolves to IP address: 162.214.104[.]246
- And that website appears to be intended for malicious re-directs and credential stealing
The warning goes on to detail potential mitigations against this scam, including using warning banners for all emails external to an organization, ensuring that all systems have the latest security updates, and maintaining up-to-date antivirus signatures and engines.
No comments:
Post a Comment