September 16, 2020
The U.S. Small Business Administration is sending a cyber warning alert to loan applicants seeking federal aid in response to the Coronavirus (COVID-19) pandemic. Email phishing campaigns where malicious actors are impersonating the SBA and its Office of Disaster Assistance to collect personally identifiable information (PII) for fraudulent purposes have surfaced. The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan Program asking them to verify their accounts using a third-party online platform to collect personally identifiable information. It should be noted that any email communication from the SBA will come from email accounts ending in sba.gov, and nothing more. Loan applicants are being advised to look out for email scams and phishing attacks using the SBA logo. These may be attempts to obtain PII, access personal banking accounts, or install ransomware or malware. Applicants are also advised to help protect their identity and privacy by never providing their full name, date of birth, social security number, address, phone numbers, email addresses, case numbers, or any other PII in public-facing comments or responses to third-party emails. The SBA will not use a third-party platform to: Actively seek PII Search a third-party platform for or by PII, or “Follow” public users proactively without a waiver. Borrowers who are in the process of applying for an SBA loan and receive email correspondence asking for PII are cautioned to ensure that any application numbers referenced in the email are consistent with their actual application number. Loan applicants and borrowers are also advised not to click on any links or open any attachments, which are often used in phishing email scams. Additionally, federal agencies that provide disaster recovery assistance will never ask for a fee or payment to apply for financial assistance, and government employees do not […]