CISA and SBA both Alert on COVID-19 Small Business Scams
Both CISA (Cybersecurity and Infrastructure Security Agency) and the SBA (Small Business Administration) have issued separate alerts on COVID-19 small business scams. CISA is alerting specifically on a scam that appears to be imitating the SBA’s COVID-19 loan relief webpage. The SBA is alerting on multiple known SBA scams involving grants and loans. Both alerts specifically discuss phishing emails as the leading method deployed by the cyber-scammers.
CISA Small Business Scam Alert
CISA has stated the scam they’re tracking appears to be a credential stealing scam. The following are red flags you should be aware of:
- “SBA Application – Review and Proceed” in the subject line
- “disastercustomerservice@sba[.]gov” as the sender
- “hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov” as a link to click on
SBA Small Business Scam Alert
The SBA has stated the following to assist in identifying other grant and loan scams:
- The SBA does not initiate contact in regards to disaster loans or grants
- Beware if the email suggests approval for a loan but requires any payment upfront or offers a high interest bridge loan in the interim
- Beware if any fees are more than 3% for loans $50,000 or less and 2% for loans $50,000-$100,000 with an additional ¼% on amounts over $1,000,000
How to Recognize Small Business Scams
It is important to stay diligent of COVID-19 scams and other cybersecurity scams. As we move further along in the COVID-19 pandemic, these scams will continue. Answer these questions to help identify COVID-19 and other small business scams:
- Do you know the sender?
- Are they urging you to open an attachment or to click a link?
- Did the email come after standard business hours?
- Was the email unsolicited?