It’s Phishing Season!
In this Blog:
An example of a phishing attempt.
Ways to mitigate any attempts both corporately and individually.
Specific advice in the current climate.
A Phishing Attempt
Over the weekend, some of us at Computer & Communications Innovations received an email that, at first glance, seemed be of some importance:
“Attn,
I am sorry for the impact COVID-19 is having on your business! I will be the loan officer processing your application for assistance in recovering from this crisis.”
Please respond to the following at your earliest opportunity in order to help get the application to the next stage:
1. Please provide Social Security Card, Permanent Resident Card, and photo I.D. such as drivers’ license or Passport.
2. Please provide Business tax forms such as Schedule C tax Form 1040.
3. Please provide Documents from your county or city hall when your business was created as well as land/rent agreements, and/or franchising agreements..
4. Please provide business banking voided check with business name and routing/account numbers.
5. Please call Experian and Equifax to unfreeze your credit if it’s currently frozen.
6. Business license, sales tax permit, vendor invoices, and end of year statement if Uber/lyft driver. We cannot rely on only generic 1099, Sch C or tax return unless the electronic filing is shown on return or stamped by IRS.
7. Signed IRS Form 4506-T as part of any reconsideration request. The 4506-T will be used to request tax transcripts with accurate information directly from IRS.
Feel free to call me at the number below; or let me know what phone number and time would be most convenient for me to give you a call.
Please return the requested information to me by return e-mail at your earliest opportunity; but, in any event within 2 days or unfortunately the application will have to be declined. Please feel free to call me at the number below with any questions.
Thank you,
//REDACTED//
U.S. Small Business Administration
//PHONE NUMBER REDACTED//”
— e-Mail Supposedly from the SBA
How to Mitigate a Phishing Attempt:
So what kept us from taking any further action on this email, or worrying about further issues? A few things:
Our company firewall blocks outside attempts to gain access to our data
Our Securence email filtering software blocks most of these phishing emails
Our email provider further warns us that this email may be spamBut no filter is perfect, and sometimes warnings are missed, so then it comes down to…
Individual accountability: checking the origination of the email.
In this case, individual accountability is paramount. First, we check the originator of the email:
Huh…”gmail.com”. That’s a funny way to spell “sba.gov"…
Obviously, an email from someone at “gmail.com” doesn’t exactly sound official. But then, after that, we take a look at all the information that this person is requesting (unsolicited) from us; items such as: our (individual) social security numbers, unfettered access to our (individual) credit reports, etc. At this point, I think it’s safe to say that anyone would be suspect; in this case (thankfully), there isn’t much more to do than delete the email (or report it to the SBA Inspector General).
This is exactly what a phishing attack looks like - putting out a large amount of bait to see if anyone “bites”.
In the era of COVID-19…
Obviously, with the necessary governmental response to the financial aspects of COVID-19, many businesses have been (and will continue to be) seeing these kinds of phishing attempts…. individuals (or hacked email accounts - as is likely the case here) sending emails that sound official (or at least somewhat plausible) in hopes that they will gain enough information that they can, at best, make a quick buck; at worst, gather enough information to hold you and your business ransom for further bounty. In fact, the problem has gotten so bad that the Small Business Administration actually has a web page devoted to Scams and Fraud Alerts.
Have you been a target - or even a victim - of these types of emails? If so, give CCI a call - let us help you come up with a solution to avoid problems like this in the future.