The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert in August about an unknown malicious cyber actor who is spoofing the Small Business Administration's (SBA) COVID-19 relief webpage through phishing emails. The phishing email subject line was “SBA Application – Review and Proceed,” and the sender was labeled as “disastercustomerservice@sba[.]gov.”
The fraudulent emails urge recipients to click on a link in the body of the notification which redirects them to a fake page that looks like the real SBA site. The page displays a box that says: Sign into Your Account to access your SBA Economic Injury Disaster Loan Portal Account to review your application and track your loan status. This box is designed to capture credential information which is then used to steal data or money from the business.
Lakeland Bank recommends signing up for CISA’s free vulnerability scanning and testing services to help organizations secure internet-facing systems from weak configuration and known vulnerabilities. Email vulnerability_info at cisa dot dhs.gov to sign up and visit https://www.cisa.gov/cyber-resource-hub for more information about vulnerability scanning and other CISA cybersecurity assessment services.
Business owners and their staff are the first line of defense against these types of criminal activities. Many businesses focus on the physical security of their workplace—video surveillance, alarm systems, employee key fobs—but neglect implementing policies to safeguard the company from being infiltrated via online channels. By learning all you can about cybersecurity and sharing that information with your employees, together you can better protect the company from becoming a target.
Start by sharing our How to Identify and Avoid Phishing Scams blog. It’s a great resource to learn about the different types of phishing schemes as well as how to spot and avoid these types of cyber attacks.
The best advice any business owner should follow is to practice cybersecurity 24/7, because that’s the frequency at which these professional hackers work! This blog on Creating a Culture of Cybersecurity at Your Business may offer other great advice and we encourage you to visit Lakeland Bank’s Simply Speaking Blog to learn more about cybersecurity related topics.