Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Technical Details
CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:
- A subject line, SBA Application – Review and Proceed
- A sender, marked as disastercustomerservice@sba[.]gov
- Text in the email body urging the recipient to click on a hyperlink to address:
- hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
- The domain resolves to IP address: 162.214.104[.]246
Below is a screenshot of the webpage arrived at by clicking on the hyperlink in the email.
Read the full alert including Mitigation recommendations here.