The COVID-19 pandemic hasn’t slowed opportunistic cyber criminals.
They are taking advantage of this time to go after small business owners. Smaller companies are more at risk than ever because they are seeking information and looking for support in these trying times.
Recently, there have been phishing email attempts to take advantage of businesses that have borrowed through the U.S. Small Business Administration (SBA), specifically for an Economic Injury Disaster Loan (EIDL).
This is just one of the many examples of how cyber criminals are working hard to take advantage of business owners.
In this case, the phishing email seems to be from a customer service account for the SBA and asks the recipient to review an EIDL application. If someone falls for it, it directs them to a false SBA web page.
This fake page has log-ins that appear real, but when someone enters their user name and password in, the bad actor (cyber criminal) allows them to use it for malicious re-directs and credential stealing.
These bad actors are aware that sending emails to selected businesses will allow them to find an SBA borrower who could fall for their scam. There are some best practices to stop this from happening to you:
- Stay alert for questionable e-mail addresses when you receive an email.
- Don’t click on suspicious links from an unknown sender.
- Be hesitant when you get a threatening or emergency message urging you to take immediate action.
- Call your bank directly if you have doubts to confirm if an email is legitimate.
Stearns Bank and the SBA advise businesses to avoid releasing any private information, such as Social Security numbers, credit card info or banking info. If you’re contacted by someone over the phone, or in an email, do a reverse search of their phone number to ensure it’s associated with a legitimate organization or business.
Other COVID-19 Scams
This SBA scam isn’t the only one to stay on top of as a small business owner in 2021. Here is a rundown of just a few and how to avoid them:
- Bogus Executive Emails – This is a computer virus-infected email in what looks like a legitimate email from a sender familiar to the recipient, typically someone with power and responsibility that everyone knows. The email includes a link that is labeled as “important.” Clicking on this link activates a computer virus. Don’t click on the link.
- Fake Donation Sites – Many businesses are giving back to the community during the pandemic. Bad actors are taking advantage of this by reaching out to businesses and requesting help for fraudulent donation sites. Be sure to research and contact any organization for which you plan to donate. Don’t wire money and pay with cash or a gift card if you’re not familiar with an organization.
- Social Media COVID-19 Grant Scams – The Better Business Bureau continues to remind everyone that government agencies don’t contact businesses via social media. If you’re contacted by someone claiming to be from a government agency on social media about a grant, find a legitimate government site and notify them about how you were contacted.
- Health Information Phishing Scams – The Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) are important sources of information during the pandemic. This type of scam has a newsletter-style email coming from one of these organizations with the latest updates on the virus. If you click on a link in this scam, you give access to your computer to the bad actor. If haven’t signed up for CDC or WHO emails, don’t click on the link. Alert your team to avoid clicking on links in emails that say they’re from one of these organizations.
- IRS Scams – This is an old one, but a prevalent one. In this scheme, the bad actor calls by phone, claiming to be from the IRS. However, the IRS always makes first contact by mail. The IRS reminds people that it will never insist on payment over the phone or request personal info. If you receive such a call, you can file a complaint with the Federal Trade Commission. Be sure to add “IRS Telephone Scam” in your complaint.
You can also visit our fraud page to stay ahead of cyber criminals and scams. Stay safe and stay alert!
If your business has been impacted by the pandemic, please reach out to Stearns Bank to find out ways we can provide you relief.