Malicious cyber threat actors are actively spoofing (pretending to be) the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails usually include malicious links to websites that look like the SBA’s coronavirus relief website, with the intent of stealing the credentials for victims’ online accounts.
COVID-19 phishing emails target executives of companies and organizations, leaders of state, local, tribal, and territorial government recipients, as well as small business owners with subject lines like “SBA Application – Review and Proceed”, or text in the email body urging the recipient to click on a link to a bogus website address.
What is Phishing?
According to the Legal Dictionary, the term phishing refers to “the act of fraudulently acquiring someone’s personal and private information, such as online account names, login information, and passwords.”
This information may then be used to steal money, order products using the victim’s credit cards, and otherwise defraud the victim. Phishing is carried out online, through email, social media, and other internet-related methods.
Why is COVID-19 Phishing Dangerous?
Because small businesses are facing an unprecedented economic disruption due to the Coronavirus (COVID-19) outbreak, the U.S. Federal government passed the CARES Act on March 27, 2020. The Act, which is seen as a set of economic stimulus programs, is administered by the U.S. Small Business Administration (SBA) and contains emergency relief resources for American workers and small businesses.
The sole aim of these COVID-19 phishing emails is to defraud business owners by requiring payment up front for loan applications, or offering high interest bridge loans “pending loan approval”.
In addition, these COVID-19 phishing scams are attempts to obtain personally identifiable information (PII), gain personal banking access, or install ransomware/malware on victim computers.
How to Protect Against COVID-19 Phishing Scams
These attacks are so dangerous that the Department of Homeland Security issued an alert not too long ago, and recommended using the following best practices to strengthen the security posture of your organization’s systems:
- Include warning banners for all emails external to the organization.
- Maintain up-to-date antivirus signatures and engines. See Why Small Organizations Need Vulnerability Management.
- Ensure systems have the latest security updates. See Learn more about Patch Management.
- Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users’ permissions to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
- Enforce a strong password policy, and where possible, use two-factor authentication. See Two-Factor Authentication: Protecting Your Online Accounts.
- Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known. See How You Can Protect Your Organization from Malicious Attachments.
- Enable a personal firewall on agency workstations that is configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
- Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
- Scan all software downloaded from the internet prior to executing.
- Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
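The “true file type” check recommended in the list above, sketched as an added example (not code from the DHS alert or from this page): it parses an email, compares each attachment's leading bytes with its filename extension, and flags contradictions. The signature table is a small illustrative subset, and the sample message and its filenames are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# Leading "magic" bytes -> (detected kind, extensions that legitimately carry it)
SIGNATURES = [
    (b"%PDF-", "pdf", {".pdf"}),
    (b"MZ", "windows-executable", {".exe", ".dll", ".scr"}),
    (b"PK\x03\x04", "zip-container", {".zip", ".docx", ".xlsx", ".pptx"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-office", {".doc", ".xls", ".ppt", ".msi"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
]

def sniff(data: bytes):
    """Return (kind, allowed_extensions) for the header, or (None, set())."""
    for magic, kind, exts in SIGNATURES:
        if data.startswith(magic):
            return kind, exts
    return None, set()

def check_attachments(raw: bytes):
    """Return one (filename, detected kind, verdict) tuple per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePath(name).suffix.lower()   # last extension only: "a.pdf.exe" -> ".exe"
        kind, allowed = sniff(part.get_payload(decode=True) or b"")
        if kind is None:
            verdict = "unknown-header"        # type not confirmed; route to deeper scanning
        elif ext in allowed:
            verdict = "match"
        else:
            verdict = "mismatch"              # header contradicts the extension: quarantine
        results.append((name, kind, verdict))
    return results

def sample_message() -> bytes:
    """Constructed test email; attachment bodies are harmless header stubs."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name, body in [("loan_form.pdf", b"%PDF-1.7\n"),
                       ("loan_review.pdf", b"MZ\x90\x00stub"),
                       ("notes.txt", b"plain text")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in check_attachments(sample_message()):
        print(row)
```

A header match only shows that the extension is consistent with the content; the attachment still needs to go through antivirus scanning.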
If you need assistance with managing the security of your computer network, Tech Prognosis can help.
Contact us today, or call us at (512) 814-8044.