On August 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) posted a public alert that an unknown malicious cyber actor is actively attempting to direct individuals to a fraudulent Small Business Administration (SBA) COVID-19 Loan Relief webpage. Any visitors to the webpage are then targeted for their login credentials or for further malicious re‑direction. Phishing emails appear to be the malicious cyber actor's primary method of engagement with victims.
Email phishing attacks will generally impersonate a legitimate person or institution, and sophisticated phishing attacks are adept at mirroring the formatting and language of the entity they are attempting to impersonate. These attacks will often include hyperlinks to compromised webpages or malicious file attachments.
Please select this link to read the complete article from Venable, LLP.