Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

August 18, 2020

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

Technical Details

CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

• A subject line, SBA Application – Review and Proceed
• A sender, marked as disastercustomerservice@sba[.]gov
• Text in the email body urging the recipient to click on a hyperlink to address:
• hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
• The domain resolves to IP address: 162.214.104[.]246

Below is a screenshot of the webpage arrived at by clicking on the hyperlink in the email.

 

Read the full alert including Mitigation recommendations here.