On Friday, April 3rd 2020, banks across the US started accepting Payroll Protection Program applications (PPP), allowing companies to borrow money during the COVID-19/Coronavirus crisis. The loan originates from the passing of the CARES act, which provides support for businesses impacted by the global pandemic. For more information on the PPP visit the SBA website.
With the launch of these loans, banks are struggling to create the infrastructure and process needed to handle these applications. The SBA loan applications are urgent, as they are first come, first serve. On the first day of the launch, Bank of America received 177,000 applications and many other institutions were having their doors beaten down with questions from inquiring companies.
This urgency and lack of infrastructure leads to people seek answers to help themselves if their bank isn't responding quickly enough. That’s the perfect breeding ground for social engineering & phishing attacks.
It’s unfortunate that during these difficult times, there has been a steep increase in phishing attacks; starting with offers of a vaccine and now, attacks targeting businesses that are in desperate need of capital.
Apozy Airlock has discovered a significant number of these malicious PPP sites in the wild targeting companies searching for the easiest and quickest method to get their application in to the SBA. Airlock immediately marked these sites as malicious and sent them to various phish reporting organizations.
Alongside these PPP phishing attacks, there are websites demanding payment to apply for the PPP and SBA loans. These loans do not cost anything to apply for, as stated by the SBA.
If you’re a business or individual looking for PPP or other SBA loans, please consider contacting your bank directly and don’t use search engines to identify an easier alternative. If you must, confirm that URL and the source is 100% credible and trusted.
Apozy Airlock is currently free for companies feeling the impact of COVID-19/Coronavirus, reach out to firstname.lastname@example.org.