Recent attacks use phishing emails to impersonate the U.S. Small Business Administration (SBA) and rely on Google Forms to host phishing pages that steal the personal details of business owners.
COVID-19-themed phishing campaigns are not unheard of in the U.S., but this time the attack is actually based on a legitimate financial recovery program the SBA ran in the past. It is worth mentioning that no such initiatives are being officially implemented at me moment.
Fake Grants Real Threat
The phishing emails lure their recipients with grants for pandemic financial support programs like the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan”, which they can apply for by filling out a form.
According to INKY, once the link is clicked and the victim is directed to Google Forms, the questions are designed to extract users personally identifiable information (PII) and include EIN, SSN, driver’s license details, and bank account information.
Upon a Closer Look
BleepingComputer explains that phishing actors take advantage of the free hosting, encrypted data traffic, and brand recognition and trustworthiness that come with legitimate Software-as-a-Service (SaaS) platforms. Google Forms is no exception, this particular instance turning them into a victim of a credential harvesting and brand impersonation scheme.
First of all, business owners should keep in mind that the SBA would never request such information be submitted by means of Google Forms, but rather directly on their site. Also, as mentioned in the beginning of this article, the organization is no longer accepting applications to their COVID-19 relief loan and grant programs.
Business owners are advised to remain vigilant and treat all incoming messages offering financial support with suspicion, as well as check sender details. In this case, the phishing email content is full of grammar errors that should raise a few questions related to its origin. Additionally, the use of all caps in “GRANT MONEY” feels and looks unprofessional.
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- Online disclosure of 5+ million Twitter users’ stolen information - 30 November 2022
- U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer - 29 November 2022
- Researchers Quietly Cracked Zeppelin Ransomware Keys - 23 November 2022