From the beginning, an infuriating side effect of the pandemic has been fraud. The distribution of funds through stimulus checks and small business loans has provided a great opportunity for potential fraudsters to prey on victims.
Based on a recent court ruling, the Treasury Department and Small Business Administration (SBA) have released detailed information about the recipients of Economic Injury Disaster Loan (EIDL) and Paycheck Protection Program (PPP) funds. This allows cyber criminals to be very specific in their communications, making them appear even more legitimate.
Below is a list of common tools cyber criminals use to access personal information. While you should always be mindful when dealing with account information, it’s more important than ever, especially if it concerns an EIDL or PPP account.
Web pages. The Cybersecurity and Infrastructure Security Agency has issued a warning regarding at least one cyber thief who is spoofing the Small Business Administration COVID-19 relief webpage through phishing emails. The phishing emails contain a malicious link to a fake page used for re-directs and credential stealing. The phishing email subject line currently reads, "SBA Application - Review and Proceed" and the sender is marked as "disastercustomerservice@sba[.]gov." In general, these links appear legitimate, which serves to lure in unsuspecting recipients.
Phishing schemes. Be extra vigilant with emails that contain a SBA logo. Emails can contain fraudulent links that connect you to a page encouraging you to input your personally identifiable information, or even install ransomware or malware on your computer. Learn more about phishing attacks, and if you receive a questionable message, type in the web address of the site yourself instead of using provided links.
Vishing schemes. "Vishing" is similar to "phishing," but instead of sending an email, fraudsters call potential victims. These calls can be quite effective, because in addition to appearing legitimate, the caller can pressure and manipulate you into providing personal information. If you receive a phone call concerning any account, tell the caller you'll need to call them back, then dial a number you have on hand - not a number the caller gives you. A legitimate caller will not try to pressure you into staying on the line.
While hackers have stepped up their game, the scams are similar to those that have made the rounds for years. Educate yourself about common tools used for fraud, and take time before clicking on links that could be questionable. If you ever have any questions about an email or call you’ve received, don’t hesitate to contact your banker or SBA representative.
Additional Resources:
Identifying Phishing Emails
Share Your Information with Care
How to Spot and Avoid Common Scams
Avoiding Vishing Scams
SBA Programs - Scams and Fraud Alerts
Sign Up for Scam Alerts from the Federal Trade Commission (FTC)
The views, information, or opinions expressed in this article are solely those of the author and do not necessarily represent the views of Citizens State Bank and its affiliates, and Citizens State Bank is not responsible for and does not verify the accuracy of any information contained in this article or items hyperlinked within. This is for informational purposes and is no way intended to provide legal advice.