Federal agencies are warning about a new phishing scam targeting COVID-19 relief funds. | Stock Photo
Small business owners received a warning from the Cybersecurity and Infrastructure Security Agency (CISA) that an unknown malicious cyber actor is spoofing a COVID-19 relief webpage through phishing emails.
The emails purport to originate from the Small Business Administration (SBA) and include a fake page link. Once the user clicks the link, they fall prey to a malicious redirect and credential-stealing, according to an alert on the Johnston County website from the U.S. Department of Homeland Security Office of Intergovernmental Affairs.
CISA analysts spotted the malicious cyber actor sending a phishing email to local, tribal, territorial, state and federal civilian executive branch recipients, the agency reported in an alert.
The suspected phishing email has a subject line of "SBA Application — Review and Procced," the agency said. The sender is marked as disastercustomerservice@sba[.]gov. The hyperlink the email urges recipients to click leads to hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov.
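The mismatch described above, a sender claiming sba.gov while the link's host is an unrelated domain that only carries "sba.gov" in its path, can be checked mechanically. The following is an added example, not code from CISA or the alert; the sample message is constructed from the indicators quoted above, the function names are hypothetical, and a single-part plain-text email is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>]+", re.I)

# Constructed sample: defanged indicators from the alert plus one benign link.
SAMPLE = """From: disastercustomerservice@sba[.]gov
Subject: SBA Application - Review
Content-Type: text/plain; charset=utf-8

Review your application: hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
Agency home page: https://www.sba.gov/
"""

def refang(text):
    """Undo common defanging (hxxp, [.]) in memory so values parse normally."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_links(raw_email):
    """Return (host, reason) for links that do not match the claimed sender.

    The From header is attacker-controlled, so this compares what the message
    claims against where its links go; it is not sender authentication.
    """
    msg = message_from_string(refang(raw_email))
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for url in URL_RE.findall(msg.get_payload()):
        parts = urlsplit(url.rstrip(".,)"))
        host = (parts.hostname or "").lower()
        if not sender_domain or same_site(host, sender_domain):
            continue
        reason = "link host differs from sender domain"
        # Brand name placed in the path to make the URL look official.
        if sender_domain in (parts.path + "?" + parts.query).lower():
            reason = "sender domain appears only in URL path, not host"
        findings.append((host, reason))
    return findings

if __name__ == "__main__":
    for host, reason in check_links(SAMPLE):
        print(f"{host}: {reason}")
```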
CISA recommends all organizations implement warning banners for all email that originates outside the organization to mitigate the phishing attempt. Updated antivirus signatures and engines also should be maintained, as should security updates.
Other security measures include disabling file and printer sharing services or, if those services are necessary, using strong passwords or Active Directory authentication, the alert reported.
Another safeguard is to restrict users' permissions so they can't install and run unauthorized software. At the same time, enforce a strong password policy, monitor users' web browsing habits and restrict access to sites with unfavorable content, the alert said.
All email attachments should be considered dangerous, even if the sender appears to be known. In addition, removable media, including USB thumb drives, are a risk.
CISA offers free vulnerability scanning and testing services; organizations can sign up by emailing vulnerability_info@cisa.dhs.gov.