Security News > 2020 > August > How phishing attacks have exploited the US Small Business Administration
The US Small Business Administration has been offering loans to businesses and other groups affected by the pandemic and lockdown, turning it into a target ripe for impersonation in phishing attacks.
A report published Monday by security firm Malwarebytes tracks some of the different phishing campaigns that have sought to exploit the SBA. SEE: Coronavirus: Critical IT policies and tools every business needs.
Phishing emails were found containing malicious attachments with names such as "SBA Disaster Application Confirmation Documents COVID Relief.img." The emails used the SBA logo and branding and prompted recipients to complete a grant for small business disaster assistance.
Following the April campaign, a second wave of phishing emails appeared, complete with SBA logos and branding and claiming to be from the SBA's Office of Disaster Assistance.
Beyond digging deeper into the emails, Malwarebytes offers other advice on how to protect yourself against these phishing attacks.
News URL
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)