The Cybersecurity and Infrastructure Security Agency issued an alert today regarding an unknown malicious cyber actor targeting small business owners through phishing emails containing links that redirect victims to a spoofed Small Business Administration COVID-19 relief webpage used to steal credentials. The phishing email subject line currently reads “SBA Application – Review and Proceed” and the sender is marked as “disastercustomerservice@sba[.]gov”.

Please see the alert for more information, including the IP address, indicators of compromise, and recommended mitigations for small businesses and organizations to take to strengthen their cybersecurity posture.