SBA PPP Loan Phishing Attacks (COVID-19)

SBA PPP Loan Phishing Attacks (COVID-19)

On Friday, April 3rd 2020, banks across the US started accepting Payroll Protection Program applications(PPP), allowing companies to borrow money during the COVID-19/Coronavirus crisis. The loan originates from the passing of the CARES act, which provides support for businesses impacted by the global pandemic. For more information on the PPP visit the SBA website.

With the launch of these loans, banks are struggling to create the infrastructure and process needed to handle these applications. The SBA loan applications are urgent, as they are first come, first serve. On the first day of the launch, Bank of America received 177,000 applications and many other institutions were having their doors beaten down with questions from inquiring companies.

This urgency and lack of infrastructure leads to people seek answers to help themselves if their bank isn't responding quickly enough. That’s the perfect breeding ground for social engineering & phishing attacks.

It’s unfortunate that during these difficult times, there has been a steep increase in phishing attacks; starting with offers of a vaccine and now, attacks targeting businesses that are in desperate need of capital.

A PPP spearphishing page.

Our product, Airlock has discovered a number of these malicious sites in the wild targeting companies searching for the easiest and quickest method to get their application in to the SBA. Airlock immediately marked these sites as malicious while sending out notifications to our business customers with the “breadcrumbs” of the attack - a timeline of where the user browsed prior to arriving on the phishing page. This helps in understanding their origin and if the victim was targeted or simply seeking a solution.

If you’re a business or individual looking for PPP or other SBA loans, please consider contacting your bank directly and don’t use search engines to identify an easier alternative. If you must, confirm that URL and the source is 100% credible and trusted.

If you’re interested in keeping yourself and your business safe from malicious sites trying to steal information, reach out to rick@apozy.com or sign up at https://www.apozy.com. Apozy Airlock is free for companies feeling the impact of COVID-19/Coronavirus.

Rick Deacon

CEO & Founder at Apozy. Former hacker.

See more posts from Rick Deacon