Skip to main content


Resource Library

Malicious cyber actor using phishing emails to spoof SBA's COVID-19 relief webpage

August 17, 2020 10116

Individuals and small-business owners should watch for suspicious or unexpected emails that appear to be from the Small Business Administration or that direct the recipient to the SBA’s website for COVID-19 relief. 

The Cybersecurity and Infrastructure Security Agency in an Aug. 12 alert shared Friday by the HHS’ Office for Civil Rights warned that a malicious cyber actor is using phishing emails to spoof the SBA’s COVID-19 loan relief website. Hundreds of thousands of individuals have visited the genuine SBA website and applied for economic relief through two temporary SBA loan programs established in April through the CARES Act, including the Paycheck Protection Program. Applications for that program closed Aug. 8.

The phishing emails include a malicious link to the spoofed webpage, which the cyber actor then uses to redirect the recipient and steal credentials. 

CISA reports that the phishing email contains the following:

  • Subject line: SBA Application – Review and Proceed
  • Sender name that appears to come from the domain “”
  • Text in the email body urging the recipient to click on a hyperlink that includes “” and “covid19relief” in the address 

The full sender email address and hyperlink are included in the CISA alert, which also provides a screenshot of the spoofed SBA webpage.

Best practices for strengthening cybersecurity

CISA urges small-business owners and organizations at all levels to review the alert and have system owners or IT administrators apply the recommended strategies for strengthening the business’s cybersecurity. Those strategies include implementing warning banners for external emails, ensuring systems have the latest security updates, restricting users’ permissions to install and run unwanted software applications and over a dozen more.

Reports of cyberattacks on organizations have increased during the pandemic with the U.S. Department of Homeland Security issuing an alert as early as April 8. That alert stated that cyberattackers “prey on people’s appetite for information and curiosity towards the outbreak, with phishing emails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software.”

Besides ensuring business systems and software are up to date, CISA says that individuals and employees can protect themselves from becoming victims of a phishing scam by not opening unsolicited attachments and not clicking on links in emails from unknown or unverified senders.  

Read the CISA alert for technical details about the phishing email, recommended best practices for strengthening cybersecurity and additional resources.

Comments are only visible to subscribers.