The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

New Phishing Campaign Targets SBA COVID-19 Loan Relief Accounts

by Chris Brook on Thursday August 13, 2020

Contact Us
Free Demo

Scams targeting small businesses are unfortunately commonplace these days. The latest attempts to phish business owners' SBA loan relief logins.

From phishing to BEC scams, attackers - looking to capitalize on fear and anxiety - have found myriad ways to exploit the ongoing COVID-19 crisis over the last five months.

The latest attack vector appears to revolve around an attacker who's spoofing the U.S. Small Business Administration's COVID-19 loan relief website via phishing emails.

In an alert on Wednesday, the Department of Homeland Security's Cybersecurity & Infrastructure Security Agency warned of an uptick in emails pretending to come from the SBA directing victims to a phony SBA login site. The emails try to convince would be victims that they need to access the fake portal in order to review their SBA application.

The goal of the campaign appears to be credential stealing. According to CISA, the emails have been sent primarily to Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients at the moment.

The campaign is sending victims to sites that mimic the actual SBA login page:

It’s probably not a huge surprise that when checked on Thursday, the main site the campaign was sending victims to resolved a 404 – page not found error.

CISA is warning users to be on the lookout for the following characteristics in an email:

  • A subject line, SBA Application – Review and Proceed
  • A sender, marked as disastercustomerservice@sba[.]gov
  • Text in the email body urging the recipient to click on a hyperlink to address:


  • The domain resolves to IP address: 162.214.104[.]246

To make sure no one at your organization falls victim to the phishing attack, CISA is encouraging administrators follow a lot of the same best practices it recommends year in and year out. Admins should make sure users exercise caution when opening email attachments, ensure systems have the latest security updates, and disable file and printer sharing services if they haven't already.

Attackers have narrowed their sights on SBA loan scams since the pandemic hit.

The Federal Trade Commission warned about scams looking to get business owners bank account numbers, employees' Social Security numbers and money in April.

In May, the SBA’s Office of Inspector General posted a series of warnings around emerging fraud schemes. The OIG advised individuals to ensure emails from the SBA come from accounts ending with, double check that any referenced application numbers are consistent from email to email, and to immediately suspect fraud when someone contacts you promising you a loan approval.

Tags: Phishing

Recommended Resources

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.