Medium
An alert warning of an unknown threat actor spoofing the Small Business Administration’s COVID-19 loan relief webpage. Using phishing emails, the actor includes a link to the spoofed webpage which is actually used for credential theft and malicious redirects. Analysts have stated the emails are targeting state, local, tribal, and territorial government recipients. Upon clicking the link, victims are prompted to enter their SBA Economic Injury Disaster Loan Portal Account information to review application and check on loan status.