Scammers spoof SBA to get disaster loan dollars – FCW
It’s no secret that crooks and hackers have targeted the coronavirus pandemic and federal agencies tasked with disbursing hundreds of billions of dollars to Americans and struggling businesses.
Now, a new study from Malwarebytes Labs, which sells anti-malware software, reveals an email spoofing and phishing campaign masquerading as the Small Business Administration.
According to Jérôme Segura, the company’s threat intelligence director, the campaign targeted business owners, CEOs and CFOs and sought to trick victims into downloading malware and passing on personal banking information. One of those attacks took place in April, as the pandemic was killing thousands of Americans every day and businesses were stranded and threatened with economic ruin.
Emails that appeared to come from an SBA address informed victims that their small business disaster loan application was complete, but that they first had to fill out an attached form to finalize the transaction. In reality, the attachment, disguised as an image file, was an .exe file containing the GuLoader malware, which is designed to bypass antivirus detection.
Another attack discovered by researchers in August was even more sophisticated. Emails appearing to be from the same SBA address carried attached PDF loan documents, and to anyone who hasn’t studied the metadata closely or configured their email settings correctly, both seem to legitimately come from the federal government.
By checking the “received field,” the researchers discovered that the email came from a hostname already caught in a separate email scam. Anyone attempting to reply would find that they were in fact responding to a new, unofficial email address hosted on a domain registered just days before the campaign launched.
The attached PDF appeared identical to the version individuals could download from the SBA website, but a metadata review revealed that the PDFs were created with different tools, another suspicious sign. Another red flag: “the agency” asked users to return their completed form via email with relevant bank details, rather than printing it and mailing it.
“Most people are unaware of email spoofing and assume that if the sender’s email is from a legitimate organization, it must be real,” wrote Segura in an August 10 blog post detailing the research. “Unfortunately, this is not the case and additional verifications must be made to confirm the authenticity of a sender.”
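The header and attachment checks the researchers describe (a handing-over host outside the sender's domain, a reply address on a different domain, and an executable labelled as an image) can be automated for mail triage. The Python below is an added example, not code from Malwarebytes or from this article; every host, address and attachment byte in it is constructed, and `agency.example` stands in for the spoofed sender domain.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr


def build_sample() -> bytes:
    """Constructed message: every host, address and byte below is made up."""
    m = EmailMessage()
    m["Received"] = ("from mail.bulk-sender.example (unknown [203.0.113.7]) "
                     "by mx.recipient.example; Mon, 10 Aug 2020 09:00:00 +0000")
    m["From"] = "Loan Office <loans@agency.example>"
    m["Reply-To"] = "loans@agency-forms.example"
    m.set_content("Please complete the attached form.")
    # Windows executables start with the bytes "MZ"; this one is labelled a JPEG.
    m.add_attachment(b"MZ\x90\x00" + bytes(16), maintype="image",
                     subtype="jpeg", filename="application.jpg")
    return m.as_bytes()


def addr_domain(header_value) -> str:
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def triage(raw: bytes) -> list:
    """Return findings for the three red flags; flags for review, not verdicts."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings, from_dom = [], addr_domain(msg["From"])
    reply_dom = addr_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    # The topmost Received header is written by the receiving server, so it is
    # the hop the sender cannot forge. Third-party mailers also trip this check.
    hops = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", str(hops[0])) if hops else None
    if m:
        host = m.group(1).lower()
        if host != from_dom and not host.endswith("." + from_dom):
            findings.append(f"handed over by {host}, outside {from_dom}")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if data[:2] == b"MZ" and not name.endswith(".exe"):
            findings.append(f"{name} ({part.get_content_type()}) is a Windows executable")
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("FLAG:", finding)
```
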
Taking such precautions may help users spot similar scams in the future, but there are also steps those less technically inclined can take to protect themselves.
“Because we can’t expect everyone to check email headers and metadata, we can at least suggest verifying the legitimacy of any communication with a friend or by calling the government organization,” Segura wrote. “For the latter, we always recommend never dialing the number found in an email or left on voicemail as it could be wrong.”
The federal government has distributed more than $3 trillion in COVID-19 pandemic relief funds since March, including small business and payroll loans disbursed by the SBA and the Department of the Treasury and stimulus checks for American families processed by the IRS. Almost all of these programs have been targeted relentlessly by crooks and cybercriminals.