
New Phishing Campaign Targets SBA COVID-19 Loan Relief Accounts

by Chris Brook on Monday August 22, 2022


Scams targeting small businesses are unfortunately commonplace these days. The latest attempts to phish business owners' SBA loan relief logins.

From phishing to BEC scams, attackers - looking to capitalize on fear and anxiety - have found myriad ways to exploit the ongoing COVID-19 crisis over the last five months.

The latest attack vector appears to revolve around an attacker who's spoofing the U.S. Small Business Administration's COVID-19 loan relief website via phishing emails.

In an alert on Wednesday, the Department of Homeland Security's Cybersecurity & Infrastructure Security Agency warned of an uptick in emails pretending to come from the SBA and directing victims to a phony SBA login site. The emails try to convince would-be victims that they need to access the fake portal in order to review their SBA application.

The goal of the campaign appears to be credential stealing. According to CISA, the emails have been sent primarily to Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients at the moment.

The campaign is sending victims to sites that mimic the actual SBA login page.

It’s probably not a huge surprise that when checked on Thursday, the main site the campaign was sending victims to resolved to a 404 – page not found error.

CISA is warning users to be on the lookout for the following characteristics in an email:

  • A subject line, SBA Application – Review and Proceed
  • A sender, marked as disastercustomerservice@sba[.]gov
  • Text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
  • The domain resolves to IP address: 162.214.104[.]246
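The link in the alert carries sba.gov in its path while the host is a different domain, and the sender address is spoofed, so a check on the link's host is more telling than a check on the From line. The following is an added example, not code from CISA or the original article; it assumes single-part plain-text messages, and the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

TRUSTED = "sba.gov"
# Subject line from the CISA alert; \W+ tolerates hyphen / en dash variants.
SUBJECT_RE = re.compile(r"sba application\W+review and proceed", re.I)

def refang(text):
    """Undo common defanging (hxxp, [.]) so URLs parse normally."""
    return text.replace("hxxp", "http").replace("[.]", ".")

def host_is_trusted(host):
    """True only for sba.gov itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_email(raw):
    """Return findings for one single-part, plain-text message."""
    msg = message_from_string(raw)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject") or ""):
        findings.append("subject matches CISA alert")
    for url in re.findall(r"https?://[^\s<>\"']+", refang(msg.get_payload())):
        host = urlsplit(url).hostname
        if TRUSTED in url.lower() and not host_is_trusted(host):
            findings.append(f"link mentions {TRUSTED} but its host is {host}")
    return findings

# Constructed samples; the URL is kept defanged as printed in the alert.
PHISH = """\
From: disastercustomerservice@sba[.]gov
Subject: SBA Application – Review and Proceed

Review your application:
hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
"""
BENIGN = """\
From: notices@sba.gov
Subject: Office hours update

See https://www.sba.gov/ for details.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, check_email(raw))
```
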

To make sure no one at your organization falls victim to the phishing attack, CISA is encouraging administrators to follow many of the same best practices it recommends year in and year out. Admins should make sure users exercise caution when opening email attachments, ensure systems have the latest security updates, and disable file and printer sharing services if they haven't already.

Attackers have narrowed their sights on SBA loan scams since the pandemic hit.

In April, the Federal Trade Commission warned about scams looking to get business owners' bank account numbers, employees' Social Security numbers, and money.

In May, the SBA’s Office of Inspector General posted a series of warnings around emerging fraud schemes. The OIG advised individuals to ensure emails from the SBA come from accounts ending with sba.gov, to double check that any referenced application numbers are consistent from email to email, and to immediately suspect fraud when someone contacts you promising you a loan approval.
