SBA Warns of COVID-19 Phishing Scams. Applicants are advised to help protect their identity and privacy by never providing personal information.
The U.S. Small Business Administration is sending a cyber warning alert to loan applicants seeking federal aid in response to the COVID-19 pandemic.
Email phishing campaigns where malicious actors are impersonating the SBA and its Office of Disaster Assistance to collect personally identifiable information (PII) for fraudulent purposes have surfaced.
The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan Program asking them to verify their accounts using a third-party online platform to collect personally identifiable information.
It should be noted that any email communication from the SBA will come from email accounts ending in sba.gov, and nothing more. Loan applicants are being advised to look out for email scams and phishing attacks using the SBA logo. These may be attempts to obtain PII, access personal banking accounts, or install ransomware or malware.
Applicants are also advised to help protect their identity and privacy by never providing their full name, date of birth, social security number, address, phone numbers, email addresses, case numbers, or any other PII in public-facing comments or responses to third-party emails.
The SBA will not use a third-party platform to:
- Actively seek PII
- Search a third-party platform for or by PII, or
- “Follow” public users proactively without a waiver
Borrowers who are in the process of applying for an SBA loan and receive email correspondence asking for PII are cautioned to ensure that any application numbers referenced in the email are consistent with their actual application number. Loan applicants and borrowers are also advised not to click on any links or open any attachments, which are often used in phishing email scams.
Additionally, federal agencies that provide disaster recovery assistance will never ask for a fee or payment to apply for financial assistance, and government employees do not charge for any recovery assistance provided.
An SBA logo on a web page does not guarantee the information is either accurate or endorsed by the SBA. Loan applicants and borrowers should be vigilant in protecting their personal information and data assets. Visit https://www.sba.gov/COVIDfraudalert to learn more about scams and fraud schemes.
If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at 800-767-0385 or online at https://www.sba.gov/COVIDfraudalert.
Loan applicants who have questions about SBA’s Economic Injury Disaster Loan program may call the Disaster Customer Service Center at 1-800-659-2955 (TTY: 1-800-877-8339) or send an email to firstname.lastname@example.org.
Recently the Internal Revenue Service (IRS) started to advise taxpayers to be wary of emails, phone calls, SMS (text messages), and social media posts around the upcoming stimulus payments, especially those that ask for money or sensitive information be provided in order to receive funds.