Fraudsters Spoofing SBA Target PPP Loan Recipients

We’ve received an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that fraudsters armed with fake email addresses and websites are targeting PPP recipients to obtain Small Business Administration (SBA) COVID-19 loan relief login credentials. Don’t give it to them. 

The real SBA will not ask you to log in to SBA.gov for PPP information.  If you hand over your login information to fraudsters, it will be used for nefarious purposes. Fortunately, thwarting their plan is easy: You just need to stay informed and be vigilant.

How to spot the SBA Spoofing scam

The malicious email appears to come from disastercustomerservice@sba.gov and has the subject line “SBA Application – Review and Proceed.” It contains a malicious link to a fake SBA COVID-19 Relief page, where PPP recipients are prompted to log in with their SBA credentials. Again, the SBA will not ask you to log in to SBA.gov for PPP information. If you receive an email from this address, don’t even open it. Instead, congratulate yourself for being vigilant and hold your head a little bit higher for the rest of the day. 

What to do if you believe you’ve received an SBA spoofing email

If you receive an email about your PPP loan and are unsure if the email or sender is legitimate, you can call Umpqua Bank at 866-486-7782. You can also visit  https://www.umpquabank.com/security-center/ for tips on protecting your online identity and how to identify red flags.   

If you believe you may be a victim of cyber fraud, please contact Umpqua Bank immediately at 866-486-7782 or visit  https://www.umpquabank.com/help-center/report-fraud/.

Please see the alert  for more information, including the IP address, indicators of compromise, and recommended mitigations for small businesses and organizations to take to strengthen their cybersecurity posture.  

Quick tips for detecting spoofed hyperlinks and websites

Wondering if a link you’ve been sent might be fraudulent? Try hovering your cursor over any link in the body of an email. If the link doesn’t match the text that appears when hovering over it, it may be spoofed.  

Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Be sure to check before providing any sensitive information. Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link. Be on the lookout and make sure you trust the site before proceeding. 

Learn more about staying safe from fraudsters:

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails 

Avoiding Social Engineering and Phishing Attacks