Skip to main content

New COVID-19 phishing emails may steal your business secrets

Google Forms are being used as a way to obtain the sensitive information of business owners through COVID-19 phishing emails, according to a new report.

As reported by Bleeping Computer, phishing messages based on COVID-19 have started to become increasingly popular in recent weeks.

Woman Checking Her Email
Guido Mieth / Getty Images

Email security firm INKY shared the findings of an upcoming report it is due to publish with Bleeping Computer. It found that the amount of malspam (malicious spam emails) doubled during September alone when compared to the summer period (June to August). Such attacks are expected to become more prevalent moving forward.

The phishing emails in question pretend to be from the U.S. Small Business Administration (SBA), which uses the Google Forms platform in order to host phishing pages. The objective of these pages is to steal the personal details of business owners who fill in their information.

Although the government program has provided COVID-19 financial recovery services in the past, SBA is not doing so at the moment with the pandemic slowing down.

In any case, the phishing emails highlight how individuals can still qualify for programs such as the “Paycheck Protection Program,” the“Revitalization Fund,” and “COVID Economic Injury Disaster Loan.” Contained within the email is a button that redirects targets to a Google Forms page.

The phishing forms attempt to appear as a trusted source by duplicating information deriving from past SBA financial support programs, with applicants asked to largely share the same details. Information pertaining to Google account credentials, SSNs, EINs, State ID and driver’s license details, and bank account numbers are all requested by the page.

A COVID-19 phishing email.
Image source: Bleeping Computer/INKY Image used with permission by copyright holder

Once the information is filled in and the submit button is clicked by the user, a “Your response has been recorded” message is displayed. In reality, however, all the corresponding data is sent directly to the threat actors.

With winter approaching, COVID-19 infections could be subjected to a considerable rise, which allows cybercriminals to use the opportunity to lure in unsuspecting business owners.

At the height of the pandemic, Google was blocking 18 million coronavirus scam emails on a daily basis.

As for this particular campaign, there are clear indicators that it’s a phishing attempt. As pointed out by Bleeping Computer, ​​the phishing emails redirect users toward a Google Forms page, while the SBA would request the submission of information through its official website instead. The emails, meanwhile, feature grammatical errors as well.

As always, if you are a business owner — especially one that has received monetary relief from COVID-19 programs before — be sure to carefully check any suspicious emails claiming to be from the SBA.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
A new phishing scam pretends to be your boss sending you an email
how to back up emails in outlook laptop

One of the latest email scams is a simple yet masterful ploy that gets companies to give up money under the guise of communicating with senior members of an organization within an email chain.

As reported by ZDNet, the scam is called a business email compromise (BEC) campaign and is described as a prompt where a nefarious actor, disguised as a company boss, sends an email that looks like a forwarded email chain, with instructions to an employee to send money. Targets of this type of scam are typically employees in the finance department or someone who has the ability to send wire transfers.

Read more
New phishing method looks just like the real thing, but it steals your passwords
A MacBook with Google Chrome loaded.

Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode. This is a feature that's available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave.

Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. In reality, all inputs are sent to a malicious attacker.

Read more
New malware can steal your credit card details — and it’s spreading fast
An individual surrounded by several computers typing on a laptop.

A new, highly dangerous malware called "Erbium" has been making the rounds over the last couple of months, and it's highly likely that it will spread to new channels.

Erbium is an information-stealing tool that targets passwords, credit card information, cookies, cryptocurrency wallets, and more. Unfortunately, it's widely available, which means that it could be used in new ways in the future.

Read more