Homeland Security's National Cyber Awareness System has issued an alert concerning an unknown malicious cyber actor who is spoofing a Small Business Administration COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.
The phishing emails have carried a subject line of "SBA Application - Review and Proceed." The sender is identified as "disastercustomerservice[at]sba.gov." Clicking on a link in the email takes the phishing target to a spoofed SBA webpage that asks the target to "Sign in to Your Account." The page captures the sign-in attempt and steals the target's log-in credentials.