The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages.
On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A):
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.
CISA went on to explain that individuals at multiple Federal Civilian Executive Branch and state, local, tribal and territorial government had received the attack emails.