MURRAY — The coronavirus pandemic continues to impact organizations across the globe. This hardship gives cybercriminals the perfect bait: a promise of financial relief. Currently, cybercriminals are impersonating the United States Small Business Administration (SBA) with a very convincing phishing email. While this specific scam targets organizations in the US, this tactic could be used in any country, for any kind of relief fund.
The phishing email states that your loan application has been approved and it includes a link to “start the funding process”. If you click this link, you are taken to a phony login page that is nearly identical to the SBA’s official website for the relief fund. The bad guys are phishing for these specific login credentials to gain access to sensitive data, such as your organization’s federal tax ID and banking information. This type of information, in the hands of a cybercriminal, would be a disaster.
“Phishing is nothing new, though now has presented the perfect opportunity to strike for cyber criminals,” said Jeff Cottingham, IT director at The Murray Bank. “Identity thieves have been rehashing old schemes and using them during COVID-19 to capitalize on people’s fears.”
How can you protect yourself from becoming hooked by a phishing scam? It starts with using common sense and being vigilant. That involves taking the following steps:
Never click on links in emails or text messages – even from companies or people you may know. If you receive an email from a company, instead of clicking on the link, go to the secure company website and login.
Call the organization in question. Just be sure to look up the official phone number—do not call the phone number provided within the email
When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging in to the real website and not a phony look-alike.
Remember that The Murray Bank will never call or email you asking for your personal information.
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.