The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 relief webpage via phishing emails. These emails include a malicious link to a fake page used for malicious re-directs and credential stealing.
Small business owners and organizations at all levels should review the alert and apply the recommended mitigations to strengthen the security posture of their systems. We encourage you to share this alert with anyone who might be able to use it.
This alert can be found here and at cisa.gov/coronavirus.
Office of Intergovernmental Affairs
U.S. Department of Homeland Security