CISA and SBA both Alert on COVID-19 Small Business Scams

Both CISA (Cybersecurity and Infrastructure Security Agency) and the SBA (Small Business Administration) have issued separate alerts on COVID-19 small business scams. CISA is alerting specifically on a scam that appears to be imitating the SBA’s COVID-19 loan relief webpage. The SBA is alerting on multiple known SBA scams involving grants and loans. Both alerts specifically discuss phishing emails as the leading method deployed by the cyber-scammers.

CISA Small Business Scam Alert

CISA has stated the scam they’re tracking appears to be a credential stealing scam. The following are red flags you should be aware of:

  1. “SBA Application – Review and Proceed” in the subject line
  2. “disastercustomerservice@sba[.]gov” as the sender
  3. “hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov” as a link to click on

SBA Small Business Scam Alert

The SBA has stated the following to assist in identifying other grant and loan scams:

  1. The SBA does not initiate contact in regards to disaster loans or grants
  2. Beware if the email suggests approval for a loan but requires any payment upfront or offers a high interest bridge loan in the interim
  3. Beware if any fees are more than 3% for loans $50,000 or less and 2% for loans $50,000-$100,000 with an additional ¼% on amounts over $1,000,000

How to Recognize Small Business Scams

It is important to stay diligent of COVID-19 scams and other cybersecurity scams. As we move further along in the COVID-19 pandemic, these scams will continue. Answer these questions to help identify COVID-19 and other small business scams:

Questions to answer to identify business scam

Questions to answer to identify business scam

  1. Do you know the sender?
  2. Are they urging you to open an attachment or to click a link?
  3. Did the email come after standard business hours?
  4. Was the email unsolicited?

For more tips, check out our tip sheet and explore all of our offerings at SmallBusinessBigThreat.com