WASHINGTON, D.C. (August 13, 2020) - The U.S. Small Business Administration (SBA) has sent cyber-warning alerts to loan applicants seeking federal aid in response to the Coronavirus (COVID-19) pandemic. Email phishing campaigns where malicious actors are impersonating the SBA and its Office of Disaster Assistance to collect personally identifiable information (PII) for fraudulent purposes have surfaced.
The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan (EIDL) Program asking them to verify their accounts using a third-party online platform to collect PII. A recent webinar attended by NSGA in mid-October indicated recipients of Paycheck Protection Program (PPP) loans could also be targets of email phishing campaigns. NSGA recommends you contact your lender if you have questions related to your SBA-backed COVID-19 relief loans.
It should be noted that any email communication from the SBA will come from email accounts ending in sba.gov, and nothing more. Loan applicants are being advised to look out for email scams and phishing attacks using the SBA logo. These may be attempts to obtain PII, access personal banking accounts, or install ransomware or malware.
Applicants are also advised to help protect their identity and privacy by never providing their full name, date of birth, social security number, address, phone numbers, email addresses, case numbers, or any other PII in public-facing comments or responses to third-party emails.
Image Source: SBA
The SBA will not use a third-party platform to:
• Actively seek PII
• Search a third-party platform for or by PII, or
• “Follow” public users proactively without a waiver.
Borrowers who are in the process of applying for an SBA loan and receive email correspondence asking for PII are cautioned to ensure that any application numbers referenced in the email are consistent with their actual application number. Loan applicants and borrowers are also advised not to click on any links or open any attachments, which are often used in phishing email scams.
Additionally, federal agencies that provide disaster recovery assistance will never ask for a fee or payment to apply for financial assistance. Government employees do not charge for any recovery assistance provided.
An SBA logo on a web page does not guarantee the information is either accurate or endorsed by the SBA. Loan applicants and borrowers should be vigilant in protecting their personal information and data assets. Visit https://www.sba.gov/COVIDfraudalert to learn more about scams and fraud schemes.
If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at (800) 767-0385 or online at https://www.sba.gov/COVIDfraudalert.
Loan applicants who have questions about SBA’s EIDL program may call the Disaster Customer Service Center at (800) 659-2955 (TTY: (800) 877-8339) or send an email to firstname.lastname@example.org(link sends e-mail).
PLEASE NOTE: NSGA recommends you contact your lender if you have questions related to your SBA-backed COVID-19 relief loans.