Recent attacks use phishing emails to impersonate the U.S. Small Business Administration (SBA) and rely on Google Forms to host phishing pages that steal the personal details of business owners.
COVID-19-themed phishing campaigns are not unheard of in the U.S., but this time the attack is actually based on a legitimate financial recovery program the SBA ran in the past. It is worth mentioning that no such initiatives are being officially implemented at me moment.
The phishing emails lure their recipients with grants for pandemic financial support programs like the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan”, which they can apply for by filling out a form.
According to INKY, once the link is clicked and the victim is directed to Google Forms, the questions are designed to extract users personally identifiable information (PII) and include EIN, SSN, driver’s license details, and bank account information.
BleepingComputer explains that phishing actors take advantage of the free hosting, encrypted data traffic, and brand recognition and trustworthiness that come with legitimate Software-as-a-Service (SaaS) platforms. Google Forms is no exception, this particular instance turning them into a victim of a credential harvesting and brand impersonation scheme.
First of all, business owners should keep in mind that the SBA would never request such information be submitted by means of Google Forms, but rather directly on their site. Also, as mentioned in the beginning of this article, the organization is no longer accepting applications to their COVID-19 relief loan and grant programs.
Business owners are advised to remain vigilant and treat all incoming messages offering financial support with suspicion, as well as check sender details. In this case, the phishing email content is full of grammar errors that should raise a few questions related to its origin. Additionally, the use of all caps in “GRANT MONEY” feels and looks unprofessional.
Suggest an edit to this article
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!