Small Businesses Targeted Through Spoofed SBA COVID-19 Relief Webpage
August 17, 2020
The Cybersecurity and Infrastructure Security Agency issued an alert yesterday about an unknown malicious cyber actor who is spoofing the Small Business Administration's COVID-19 relief webpage through phishing emails. The phishing emails contain a malicious link to a fake page used for re-directs and credential stealing. The current phishing email subject line currently reads, “SBA Application: Review and Proceed,” and the sender is marked as “disastercustomerservice@sba[.]gov.” The senders email address and title of email would be subject to change by the fraudsters as they continue to attack the SBA process and customers.
System owners and administrators should review any configuration change prior to implementation to avoid unwanted impacts.
Include warning banners for all emails external to the organization.
Maintain up-to-date antivirus signatures and engines.
Ensure systems have the latest security updates.
Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
Restrict users' permissions to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
Enforce a strong password policy.
Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known.
Enable a personal firewall on agency workstations that is configured to deny unsolicited connection requests.
Disable unnecessary services on agency workstations and servers.
Scan for and remove suspicious email attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
Monitor users' web browsing habits; restrict access to sites with unfavorable content.
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
Scan all software downloaded from the internet prior to executing.