Phishing campaign lures US businesses with fake PPP loans

by chebbi abir

Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a Paycheck Protection Program (PPP) loan to keep their business going during the COVID-19 crisis.

PPP allows businesses to apply for an SBA loan designed to help them keep their workforce employed throughout the current pandemic.

This loan program was launched by the U.S. government on April 3rd, 2020, as part of the CARES Act, which allows small business owners to apply for low-interest loans that will be forgiven by the government if used for payroll.

The attackers behind this phishing campaign are taking advantage of the ongoing financial problems some businesses are experiencing due to the pandemic to lure them into handing over sensitive business and personal info.

In the phishing messages, they are posing as the president of World Trade Finance, a delegated SBA lender that finances small businesses with government-backed loans up to $5,000,000.

According to researchers at email security company Abnormal Security, who spotted this phishing campaign, the targets are lured with a link to a Microsoft Forms survey camouflaged as a PPP registration form.

Phishing email (Abnormal Security)

After clicking the link embedded in the phishing email, the targets are redirected to a page where they are asked to enter sensitive business information including but not limited to the owner’s social security number, name, and date of birth.

The targets are also asked to provide business information including cost of operation, cost of goods, and gross revenues for the twelve months before the pandemic.

“If recipients fall victim to the phishing ploy and enter their credentials, they provide attackers with confidential information that would expose their business to fraudulent activity,” Abnormal Security said.

“The attack was sent to a mass amount of recipients, increasing its chances of someone falling prey,” using a sender email from a domain designed to mimic an official government SBA site (i.e., payments@sba.pppgov.com).

Phishing landing page (Abnormal Security)

A similar phishing campaign has targeted the hundreds of thousands of small businesses that applied for Payroll Protection Program SBA loans in April 2020.

Those attacks, however, were focused on trying to steal Microsoft account credentials by asking the targets to sign into their accounts via a phishing landing page designed to resemble a Microsoft login page.

All entered credentials were stolen by the attackers to later be used in Business Email Compromise (BEC) scams, network compromise, or in further phishing attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also alerted businesses of phishing campaigns attempting to harvest logins for Small Business Administration COVID-19 loan relief accounts.

To avoid falling victim to such attacks, view the source (headers) of the email message rather than trusting the displayed sender: the Return-Path, Reply-To and Received headers reveal the real origin even when the visible From address is spoofed or uses a lookalike domain.

Also, pay attention to the URL in your web browser’s address bar before entering anything: a loan application hosted on Google Docs, Microsoft Forms, or a similar online form service rather than on the lender’s or the SBA’s own domain is a sign of a phishing page.
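As an added illustration of those two checks (not code from the original article or from Abnormal Security), the Python snippet below parses a constructed message modelled on the campaign, compares the From domain with Return-Path and Reply-To, flags a sender domain that borrows the "sba" label without being sba.gov, and reports links to form-hosting services. The sba.pppgov.com sender and the Microsoft Forms link are from the article; every other header value and the body are assumptions.

```python
import re
import email
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: sender domain and form link are from the article,
# the remaining headers and the body text are made up for this example.
RAW_MESSAGE = """From: "World Trade Finance" <payments@sba.pppgov.com>
Return-Path: <bounce@mailer-example.test>
Reply-To: <ppp-apply@example.test>
Subject: Register for your PPP loan today
Content-Type: text/plain

Complete the PPP registration form: https://forms.office.com/r/EXAMPLE
"""

LEGITIMATE_DOMAINS = {"sba.gov"}                       # the real agency domain
FORM_HOSTS = {"forms.office.com", "docs.google.com"}   # generic form-hosting services

def domain_of(addr):
    """Return the lower-cased domain part of an address header (empty if none)."""
    _, address = parseaddr(addr or "")
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def is_lookalike(domain, brands=LEGITIMATE_DOMAINS):
    """True if domain reuses a trusted brand label but is not that domain or a subdomain of it."""
    for brand in brands:
        if domain == brand or domain.endswith("." + brand):
            return False
        if brand.split(".")[0] in domain.split("."):
            return True
    return False

def analyze(raw):
    """Run the header and link checks; return a list of human-readable findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    for hdr in ("Return-Path", "Reply-To"):          # real origin vs. displayed sender
        other = domain_of(msg[hdr])
        if other and other != from_dom:
            findings.append(f"{hdr} domain {other} differs from From domain {from_dom}")
    if is_lookalike(from_dom):
        findings.append(f"From domain {from_dom} imitates a trusted domain")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    for url in re.findall(r"https?://\S+", body):    # where the form actually lives
        host = urlparse(url).hostname or ""
        if host in FORM_HOSTS:
            findings.append(f"link to form-hosting service {host}")
    return findings
```

Running `analyze(RAW_MESSAGE)` on the sample yields four findings: two sender-domain mismatches, the lookalike domain, and the Microsoft Forms link.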

To read the original article:

https://www.bleepingcomputer.com/news/security/phishing-campaign-lures-us-businesses-with-fake-ppp-loans/
