Online Phishing Scams Target Small Biz Owners

The U.S. Small Business Administration is warning SBA loan recipients of a scam targeting business owners. In response, a cyber warning alert has been sent to loan recipients who sought federal aid due to the coronavirus pandemic.

“Email phishing campaigns where malicious actors are impersonating the SBA and its Office of Disaster Assistance to collect personally identifiable information for fraudulent purposes have surfaced,” states the release. “The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan Program asking them to verify their accounts using a third-party online platform to collect personally identifiable information.”

SBA Data Breach

Back in April, you’ll recall an SBA data break that exposed sensitive data of approximately 8,000 small businesses. This exposed data may now be used for these types of scams which the SBA is warning small biz owners about.  According to the release, any email communication from the SBA will come only from email accounts ending in sba.gov. Loan applicants are asked to be on the lookout for email scams and phishing attacks using the SBA logo. These may be attempts to obtain personal information, access personal banking accounts, or install ransomware or malware.

SBA borrowers, especially those who applied to the Economic Injury Disaster Loans (EIDL), should be on the lookout for phishing campaigns, officials said.

See image below (courtesy of Malwarebytes Labs) for what to look for:

How to Spot a Scam

Scams have included attempts to collect personal information, access to banking accounts, or install ransomware or malware on your computer or device.

The SBA said in the warning that it does not use third-party, non-government platforms to collect or “follow” small business owners online. Furthermore, they do not ask for fees or payment in order for small business owners to apply for financial assistance. Government employees do not charge for recovery assistance, officials noted.

The SBA recommends users be on the lookout for coronavirus assistance-related emails containing the SBA logo. Any communication requesting personal information or containing attachments may be a potential phishing scam, Users should always double-check web addresses, confirm the application numbers in an email are correct. Also, avoid clicking on or opening any suspicious links or attachments.

If you suspect an email or other form of contact as a possible scam, report it online or by calling 1-800-767-0385.