On April 27, the U.S government’s coronavirus relief fund for small businesses – the Payroll Protection Program – resumed lending, after an additional $320 billion in funding was authorized to help small businesses keep employees on the payroll.
The program will provide much needed relief for small businesses, but it could also provide cybercriminals with another prime opportunity to cash in on Covid-19 related schemes. Over the last month, Tessian has identified ways in which criminals have taken advantage of the global pandemic to make their scams more effective – from impersonating remote working and collaboration tools to tricking people into clicking onto fake stimulus check domains.
We are now warning small businesses of the PPP and CARES Act scams that they could face.
Tessian’s latest research reveals that 645 domains related to the PPP were registered between March 30 and April 20, with the majority of the domains being registered in the week following the US government’s announcement on March 31.
While 85% of the domains are offline, it’s unclear how long they will remain offline for. Of the newly registered domains that are currently live:
- 35% were registered as multiple domains that lead users to the same website. The 31 of the grouped domains only lead people to eight websites.
- 28% were from different loan providers that have a separate PPP presence through an online form. Although these may not all be spammy, it’s important for people to be wary of what they’re signing up for, what information they’re sharing and any associated costs.
- 24% were law firms and consultants offering their services.
- Around 10% were “advisory,” giving businesses information about PPP in a blog style without any notable Call To Action or service.
Worryingly, a recent survey by IBM X-Force found that only 14% of small business owners say they are very knowledgeable about how to access the SBA’s loan relief program. Cybercriminals will use this to their advantage, targeting those individuals seeking more information or guidance on the PPP. And although not every newly registered PPP domain may be malicious, it’s possible that these websites could be set up to trick people into sharing money, credentials or personal information.
Small businesses have been prime targets throughout the global pandemic. We’ve seen a number of spam campaigns whereby hackers impersonate the Small Business Administration (SBA) or well-respected banks to entice people into opening malicious attachments or sharing sensitive information. At this time, we urge small business owners and staff to think twice about what they share online and question the legitimacy of the emails they receive.
Our advice to avoiding the PPP scams:
- Be cautious about sharing personal information online. If it doesn’t look right, it probably isn’t.
- Understand the Call To Action on these PPP-related sites and emails you receive from them asking for urgent action or to click links.
- Make sure any sites offering consultancy services are legitimate before sharing information or money. Always check the URL and, if you’re still not sure, verify by calling the company directly.
- Never share direct deposit details or your Social Security number on an unfamiliar website.
- Always use different passwords when setting up new accounts on websites. And enable two-factor authentication on all the services that you use.
