Resource KT
Related Articles
As hundreds of thousands of small businesses in the United States eagerly await news of their SBA Payroll Protection Program loans, malicious actors send out phishing emails that take advantage of their anxiety to steal accounts from messaging.
On April 3, as part of the CARES Act, the US government launched the SBA Payroll Protection Program (PPP) loan program that allows small business owners to apply for a low-interest loan. For companies that use this loan for payroll, it will be canceled by the US government.
With its launch, however, many banks were unable to operate quickly enough, and many small business owners were unable to submit applications or receive loans until the initial $ 350 billion was over. exhausted.
On Thursday, the government approved an additional $ 310 billion to be allocated to PPP loans. On the same day, a new phishing campaign was carried out that targets business owners who are eagerly awaiting news from their banks.
Using fear and anxiety to harvest email credentials
In a new phishing campaign discovered by abnormal security, attackers send emails claiming to be from a CARES act representative who needs a signature on a document “PPP_CARES_SignaturePG1-2” for the payroll protection program.
The email contains a link titled “Review File and Sign” which, when clicked, will take the recipient to a landing page asking them to sign in to their Microsoft account. All credentials entered will be stolen by attackers for use in BEC scams, potential network compromise, or other phishing scams.
While it’s easy to tell that no one would fall for such a scam and enter their credentials on a freelance website, it’s important to remember that this is a very busy time. unusual.
Small business owners fear losing their businesses and having to lay off employees, employees fear losing their jobs, and those who are made redundant want their jobs back.
Due to this heightened anxiety and tension, it is possible for a small business owner to rush to inquire about their loan application without paying close attention to the website they are submitting their username and name to. password.
That said, even though we are going through a scary time, it’s still important to remember that threat actors tackle times like this.
Therefore, everyone needs to be even more diligent about the links they click, the files they download, the pages they enter their credentials on, and the programs they run.
That extra second or two of looking at things before you act can make all the difference you need to protect yourself, your business, and your network from malicious actors.
