Cyber Threat Report: SBA COVID-19 Phishing Emails

The Cybersecurity and Infrastructure Security Agency (CISA) issued Alert AA20-225A with detailed information regarding a spoofed Small Business Administration (SBA) COVID-19 loan relief webpage. At the time of this report, the CISA analysts observed that the malicious website is being sent via phishing emails to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. However, they may also be targeting other organizations, including you.

Here’s what CISA knows so far:

The subject line: SBA Application – Review and Proceed

The sender: disastercustomerservice@sba[.]gov

The text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting[.]

You can see a screenshot of the malicious Small Business Administration (SBA) COVID-19 loan relief webpage and CISA’s recommendations to strengthen the security of your organization’s systems here.

As a reminder, here are some tell-tale signs of a phishing email:

  • Is the email asking for sensitive information? Legitimate companies do not request passwords, credit card information, credit scores, etc., via emails. Chances are if you get an email asking for any of this information, especially when it’s unsolicited, it’s a scam.
  • Is the email addressing you by your name? If the email addresses you as ‘valued member’, ‘account member’, ‘customer’, it’s probably a phishing email. Legitimate companies have your information and will address you by your name.
  • Double-check the domain name! Check the email address by hovering your mouse over the ‘from’ address and go through letter by letter, number by number, to make sure there were no alterations. Also, look for public email domain names… no legitimate company is going to contact you via a ‘’.
  • How is the grammar? An email received by a legitimate company will be well written. If there are multiple misspellings and grammatical errors, then it’s most likely a phishing email.
  • Be wary of links! Always hover over the link with your mouse to see the website before you click the link. Also as a heads up, some cybercriminals will create phishing emails that are coded entirely as a hyperlink – be careful not to click!
  • Is there an attachment? If you receive an unsolicited email with an attachment, be wary as it could contain a virus or malware. Be on the lookout for high risk file types including: .exe, .com, .scr, and .zip. If you have even the slightest inkling something is off, contact that company via phone to confirm legitimacy.
  • Is there a sense of urgency? Many cybercriminals will ask you to ‘act now or else’ hoping you’ll click on the link or download the attachment without checking for the legitimacy of the email. This is especially effective in the workplace.

You can read more about the COVID-19 Loan Relief Phishing Emails here. If you have any questions regarding phishing emails, do not hesitate to reach out. You can contact your Augusta IT Guys at 706-426-6313 or


4332 Wheeler Road #105, Augusta GA 30907


Follow your Augusta IT Guys on FacebookTwitterInstagram, and Linkedin