Scammers spoof SBA to get disaster loan dollars — FCW



It’s no secret that scammers and hackers have targeted the coronavirus pandemic and the federal agencies charged with disbursing hundreds of billions of dollars to struggling Americans and companies.

Now, new research from Malwarebytes Labs, which sells anti-malware software, reveals an email spoofing and phishing campaign impersonating the Small Business Administration.

According to Jérôme Segura, the company’s director of threat intelligence, the campaign targeted business owners, CEOs and CFOs and sought to entice victims to download malware and hand over personal banking information. One such attack took place in April, right as the pandemic was killing thousands of Americans every day and businesses were under lockdown and facing economic ruin.

Emails that appeared to come from an SBA address told recipients that their application for a disaster small business loan was complete, but that they first needed to fill out an attached form to finalize it. The attachment, disguised as an image file, was a .exe file carrying GuLoader, a malware loader built to evade antivirus detection.

Another attack, discovered by researchers in August, was more sophisticated. Emails appearing to come from the same SBA address carried PDF loan documents as attachments, and to anyone who did not examine the headers and metadata closely, or whose mail settings were not configured to check the sender, both the message and the document appeared to come from the federal government.

By checking the Received headers, researchers found that the message originated from a hostname that had already been caught in a separate email scam. Anyone who attempted to reply would find that their response went to a different, unofficial address: the message's Reply-To header pointed to a domain registered just days before the campaign kicked off.

The attached PDF looked identical to the version available for download on SBA's website, but the metadata showed that the two files had been created with different tools, another suspicious sign. A further red flag: the "agency" asked recipients to return the completed form, including their banking details, by email rather than printing it out and sending it through the mail.
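To make those checks concrete, here is an added example in Python (mine, not code or tooling from Malwarebytes or the SBA) that applies the checks described above, plus the image-that-is-really-an-executable check from the April campaign, to a constructed message: the From versus Reply-To domain comparison, the originating host from the bottom-most Received header compared against a list of hosts seen in earlier scams, the SPF/DKIM/DMARC verdicts the receiving server recorded in Authentication-Results, each attachment's real file type versus its name, and a PDF's Producer string compared with that of the genuine form. Every address, hostname, domain and Producer value is a placeholder I made up for the example, and the message is constructed, not a capture from the campaign.

```python
import base64
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed reference values (assumptions for this example): a hostname
# already tied to an earlier scam, and the Producer string a defender recorded
# from the genuine form downloaded from the agency's own site.
KNOWN_BAD_HOSTS = {"mail.lookalike-host.test"}
GENUINE_PDF_PRODUCERS = {"Acrobat Reference Producer 1.0"}

# Constructed attachments: a PDF made with a different tool than the genuine
# form, and a Windows executable (MZ header) that is named as if it were an image.
PDF_BYTES = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Producer (Online PDF Tool 2.1) /Creator (Word) >> endobj\n"
    b"trailer << /Info 1 0 R >>\n%%EOF\n"
)
EXE_BYTES = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 24

# Constructed sample message; sba.example.gov and the other domains are placeholders.
RAW_EMAIL = (
    "Received: from mail.lookalike-host.test (mail.lookalike-host.test [192.0.2.10])\r\n"
    "\tby mx.victim.example with ESMTP; Mon, 10 Aug 2020 09:00:00 -0400\r\n"
    "Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=lookalike-host.test;\r\n"
    "\tdkim=none; dmarc=fail header.from=sba.example.gov\r\n"
    "From: \"SBA Disaster Loans\" <disasterloans@sba.example.gov>\r\n"
    "Reply-To: <disasterloans@sba-loan-docs.test>\r\n"
    "To: <ceo@victim.example>\r\n"
    "Subject: Your disaster loan application is complete\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
    "--b1\r\nContent-Type: text/plain\r\n\r\n"
    "Complete the attached form and reply with your banking details.\r\n"
    "--b1\r\nContent-Type: application/pdf; name=\"SBA_Form.pdf\"\r\n"
    "Content-Disposition: attachment; filename=\"SBA_Form.pdf\"\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(PDF_BYTES).decode() + "\r\n"
    "--b1\r\nContent-Type: image/jpeg; name=\"SBA_Form.jpg\"\r\n"
    "Content-Disposition: attachment; filename=\"SBA_Form.jpg\"\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(EXE_BYTES).decode() + "\r\n"
    "--b1--\r\n"
)


def _domain(header_value):
    """Domain part of the first address in a From/Reply-To style header."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def header_findings(msg):
    """Checks possible from the headers alone: where replies really go, which
    host handed the message in, and what the receiving server's SPF/DKIM/DMARC
    checks concluded about the visible sender domain."""
    findings = []
    from_dom, reply_dom = _domain(msg.get("From", "")), _domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"replies go to {reply_dom}, not the visible sender domain {from_dom}")
    # Received headers are prepended at each hop, so the last one in the list
    # was added first and names the hop closest to the message's origin.
    received = msg.get_all("Received") or []
    if received:
        m = re.search(r"from\s+(\S+)", str(received[-1]))
        origin = m.group(1).lower() if m else ""
        if origin in KNOWN_BAD_HOSTS:
            findings.append(f"origin host {origin} was already seen in another scam")
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1)}")
    return findings


def attachment_findings(msg):
    """Compare each attachment's real file type (by magic bytes) with its name,
    and compare a PDF's Producer string with the one from the genuine form."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"MZ"):
            findings.append(f"{name} is a Windows executable, whatever its extension says")
        elif data.startswith(b"%PDF"):
            m = re.search(rb"/Producer\s*\((.*?)\)", data)
            producer = m.group(1).decode("latin-1") if m else ""
            if producer not in GENUINE_PDF_PRODUCERS:
                findings.append(f"{name} was produced by {producer!r}, not the tool behind the genuine form")
    return findings


def analyze(raw_message):
    """Parse a raw RFC 5322 message and return every red flag found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return header_findings(msg) + attachment_findings(msg)


if __name__ == "__main__":
    for finding in analyze(RAW_EMAIL):
        print("-", finding)
```

Run against the constructed message, this reports seven findings: the Reply-To mismatch, the known-bad origin host, the three failed or absent authentication verdicts, the executable hiding behind a .jpg name, and the PDF made with a tool other than the one behind the genuine form. On real mail the known-bad host list and the genuine Producer string are the two values a defender has to maintain; a Producer mismatch alone is only a hint, since the agency may regenerate its forms, which is why it is reported alongside the header checks rather than on its own.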

“Most people aren’t aware of email spoofing and believe that if the sender’s email matches that of a legitimate organization, it must be real,” wrote Segura in an Aug. 10 blog post detailing the research. “Unfortunately, that is not the case and there are additional checks that need to be performed to confirm the authenticity of a sender.”

The same checks can help users spot such scams in the future, but there are also steps the less technically inclined can take to protect themselves.

“Because we can’t expect everyone to be checking for email headers and metadata, at least we can suggest double-checking the legitimacy of any communication with a friend or by phoning the government organization,” Segura wrote. “For the latter we always recommend to never dial the number found in an email or left on a voice mail as it could be fake.”

The federal government has doled out more than $3 trillion in relief funding tied to the COVID-19 pandemic since March, including small business and payroll loans disbursed by the SBA and Department of the Treasury and economic stimulus checks for American families processed by the IRS. Nearly all of those programs have been targeted relentlessly by scammers and cyber criminals.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor’s degree in journalism from Hofstra University and a Master’s degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

