(Shared from VPPPA Region II!)
Critical Infrastructure Colleagues and Partners,
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 relief webpage via phishing emails. These emails include a malicious link to a fake page used for malicious re-directs and credential stealing.
Small business owners and organizations at all levels should review the alert and apply the recommended mitigations to strengthen the security posture of their systems. We encourage you to share this alert with anyone who might be able to use it.
John P Durkin
Regional Director | Region II: NY, NJ, PR and USVI
Cybersecurity & Infrastructure Security Agency (CISA)
--
(Image shared from the linked alert.)