A scammer is sending bogus emails from the US Small Business Administration to steal personal information from unsuspecting Americans, the feds have warned.
The messages direct potential victims to a malicious webpage disguised as an SBA website that the “unknown malicious cyber actor” uses to steal credentials, according to an alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The alleged scam is one of several reported attempts by cybercriminals to pose as the federal agency tasked with distributing billions of dollars in coronavirus relief loans to struggling businesses.
The emails — which have been sent to federal, state and local government officials — are doctored to look like they’re coming from an official SBA account with the subject line “SBA Application — Review and Proceed,” the Aug. 12 alert says.
A link in the message leads to a bogus webpage asking the user to log in to the “SBA Economic Injury Disaster Loan Portal” with their email address and password, according to the feds. That’s the same loan program that the SBA inspector general warned last month was rife with potential fraud.
The web address the feds flagged starts with “leanproconsulting.com.br,” the website listed for a Brazilian business called LeanPro Consulting. The company did not immediately respond to an email seeking comment, and its website was inaccessible when The Post tried to visit it Monday morning.
The Cybersecurity and Infrastructure Security Agency did not immediately respond to an email asking about LeanPro’s relationship to the alleged scam, when the suspect messages were received and how many credentials have been stolen.
Researchers at Malwarebytes have spotted cyberattackers posing as the SBA in three other email scams, one of which involved a similar malicious URL.
Another sent recipients malware disguised as SBA documents attached to the email, while the third involved a more detailed form asking for banking information and other sensitive personal details, the software firm said in a blog post last week.