Taking advantage of people’s need for financial assistance, these scammers pose as a bank offering “forgivable business loans to individuals impacted by the pandemic.”
Nothing says low life more than someone who purposely targets those who are already down and out. Those responsible for a new scam identified by the security researchers at Abnormal Security are the lowest of the low – running a scam essentially promising free money to those that are in need.
In this scam, thousands of potential victims were sent an email impersonating an SBA Lender “World Trade Finance” informing the recipient that the Paycheck Protection Program has been extended and they are now taking applications for new forgivable loans.
Those interested click a link that takes them to a legitimate Office 365 form that appears legitimate:
Victims are asked for every piece of personal information including name, birthdate, and social security number – along with other business details to make the form seem legitimate.
There were some telltale signs that this was a scam to begin with:
Users can easily avoid becoming the victim of such scams once they look at email and web content through a scrutinizing lens. This only comes through continual Security Awareness Training that educates users on what to look for, the types of scams that occur, and how to keep a vigilant mindset while working.
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.