Skip to main content

New COVID-19 phishing emails may steal your business secrets

Google Forms are being used as a way to obtain the sensitive information of business owners through COVID-19 phishing emails, according to a new report.

As reported by Bleeping Computer, phishing messages based on COVID-19 have started to become increasingly popular in recent weeks.

Woman Checking Her Email
Guido Mieth / Getty Images

Email security firm INKY shared the findings of an upcoming report it is due to publish with Bleeping Computer. It found that the amount of malspam (malicious spam emails) doubled during September alone when compared to the summer period (June to August). Such attacks are expected to become more prevalent moving forward.

The phishing emails in question pretend to be from the U.S. Small Business Administration (SBA), which uses the Google Forms platform in order to host phishing pages. The objective of these pages is to steal the personal details of business owners who fill in their information.

Although the government program has provided COVID-19 financial recovery services in the past, SBA is not doing so at the moment with the pandemic slowing down.

In any case, the phishing emails highlight how individuals can still qualify for programs such as the “Paycheck Protection Program,” the“Revitalization Fund,” and “COVID Economic Injury Disaster Loan.” Contained within the email is a button that redirects targets to a Google Forms page.

The phishing forms attempt to appear as a trusted source by duplicating information deriving from past SBA financial support programs, with applicants asked to largely share the same details. Information pertaining to Google account credentials, SSNs, EINs, State ID and driver’s license details, and bank account numbers are all requested by the page.

A COVID-19 phishing email.
Image source: Bleeping Computer/INKY Image used with permission by copyright holder

Once the information is filled in and the submit button is clicked by the user, a “Your response has been recorded” message is displayed. In reality, however, all the corresponding data is sent directly to the threat actors.

With winter approaching, COVID-19 infections could be subjected to a considerable rise, which allows cybercriminals to use the opportunity to lure in unsuspecting business owners.

At the height of the pandemic, Google was blocking 18 million coronavirus scam emails on a daily basis.

As for this particular campaign, there are clear indicators that it’s a phishing attempt. As pointed out by Bleeping Computer, ​​the phishing emails redirect users toward a Google Forms page, while the SBA would request the submission of information through its official website instead. The emails, meanwhile, feature grammatical errors as well.

As always, if you are a business owner — especially one that has received monetary relief from COVID-19 programs before — be sure to carefully check any suspicious emails claiming to be from the SBA.

Editors' Recommendations

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
New phishing method looks just like the real thing, but it steals your passwords
A MacBook with Google Chrome loaded.

Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode. This is a feature that's available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave.

Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. In reality, all inputs are sent to a malicious attacker.

Read more
New malware can steal your credit card details — and it’s spreading fast
An individual surrounded by several computers typing on a laptop.

A new, highly dangerous malware called "Erbium" has been making the rounds over the last couple of months, and it's highly likely that it will spread to new channels.

Erbium is an information-stealing tool that targets passwords, credit card information, cookies, cryptocurrency wallets, and more. Unfortunately, it's widely available, which means that it could be used in new ways in the future.

Read more
Hackers may be hiding in plain sight on your favorite website
A depiction of a hacked computer sitting in an office full of PCs.

Security researchers have detailed how domain shadowing is becoming increasingly popular for cybercriminals.

As reported by Bleeping Computer, analysts from Palo Alto Networks (Unit 42) revealed how they came across over 12,000 such incidents over just a three-month period (April to June, 2022).

Read more