According to a recent alert by the Cybersecurity and Infrastructure Security Agency (CISA), individuals and small business owners should be aware of suspicious or unexpected emails that appear to be from the Small Business Administration (SBA) or that direct the recipient to the SBA’s website for COVID-19 relief.

In addition, reports of cyberattacks on organizations have increased during the pandemic. These reports revealed that cyber attackers “prey on people’s appetite for information and curiosity towards the outbreak, with phishing emails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software.”

The CISA alert warned that a malicious cyber actor is using phishing emails‡ to spoof the SBA COVID-19 loan relief website. Over the past months, hundreds of thousands of individuals have visited the real SBA website to apply for economic relief through two temporary SBA loan programs established in April through the CARES Act, including the Paycheck Protection Program.

The loan spoofing phishing emails include a malicious link to the spoofed SBA webpage‡, which the cyber attacker then uses to redirect the recipient and steal credentials.

The CISA urges small-business owners and organizations at all levels to review the alert and have system owners or IT administrators apply the recommended strategies.

Besides ensuring business systems and software are up to date, CISA says that individuals and employees can protect themselves from becoming victims of a phishing scam by not opening unsolicited attachments and not clicking on links in emails from unknown or unverified senders.

Use these trusted sites for additional information:‡,‡ and

When you click links marked with the “‡” symbol, you will leave UMB’s website and go to websites that are not controlled by or affiliated with UMB. We have provided these links for your convenience. However, we do not endorse or guarantee any products or services you may view on other sites. Other websites may not follow the same privacy policies and security procedures that UMB does, so please review their policies and procedures carefully.