Homeland Security's National Cyber Awareness System has issued an alert concerning an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing. The phishing emails have carried a Subject line of "SBA Application - Review and Proceed." The sender is identified as "[email protected]." Clicking on a link in the email takes the phishing target to a spoofed SBA webpage (https://leanproconsulting.com.br/gov/covid19relief/sba.gov) that asks the target to "Sign in to Your Account." The page captures the sign-in attempt and steals the target's log-in credentials.
