Dentists should beware of phishing emails mimicking the Small Business Administration's COVID-19 relief webpage, according to the California Dental Association.
Individuals and small-business owners should watch for suspicious or unexpected emails that appear to be from the Small Business Administration or that direct the recipient to the SBA's website for COVID-19 relief.
An Aug. 12 alert shared by the HHS' Office for Civil Rights warned that a malicious cyber actor is using phishing emails to spoof the loan relief site, which the cyber actor then uses to redirect the recipient and steal credentials.
The phishing email contains:
- Subject line: SBA Application – Review and Proceed
- Sender name that appears to come from the domain "sba.gov"
- Text in the email body urging the recipient to click on a hyperlink that includes "sba.gov" and "covid19relief" in the address
- The full sender email address and hyperlink are included in the CISA alert, which also provides a screenshot of the spoofed SBA webpage.
CISA urges organizations to implement warning banners for external emails, ensure systems have the latest security updates, and restrict users' permissions to install and run unwanted software applications.