U.S. flag An official website of the United States government.

Dot gov

The .gov means it's official.
Federal government websites always use a .gov or .mil domain. Before sharing sensitive information online, make sure you’re on a .gov or .mil site by inspecting your browser's address (or "location") bar.

SSL

This site is also protected by an SSL (Secure Sockets Layer) certificate that's been signed by the U.S. government. The https:// means all transmitted data is encrypted  — in other words, any information or browsing history that you provide is transmitted securely.

SBA Alert: Beware of Email Phishing Scams

  • August 14, 2020

The U.S. Small Business Administration is sending a cyber warning alert to loan applicants seeking federal aid in response to the Coronavirus (COVID-19) pandemic. Email phishing campaigns where malicious actors are impersonating the SBA and its Office of Disaster Assistance to collect personally identifiable information (PII) for fraudulent purposes have surfaced.

The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan Program asking them to verify their accounts using a third-party online platform to collect personally identifiable information.

It should be noted that any email communication from the SBA will come from email accounts ending in sba.gov, and nothing more. Loan applicants are being advised to look out for email scams and phishing attacks using the SBA logo. These may be attempts to obtain PII, access personal banking accounts, or install ransomware or malware.

Applicants are also advised to help protect their identity and privacy by never providing their full name, date of birth, social security number, address, phone numbers, email addresses, case numbers, or any other PII in public-facing comments or responses to third-party emails.

The SBA will not use a third-party platform to:

  • Actively seek PII
  • Search a third-party platform for or by PII
  • “Follow” public users proactively without a waiver

Borrowers who are in the process of applying for an SBA loan and receive email correspondence asking for PII are cautioned to ensure that any application numbers referenced in the email are consistent with their actual application number. Loan applicants and borrowers are also advised not to click on any links or open any attachments, which are often used in phishing email scams.

Additionally, federal agencies that provide disaster recovery assistance will never ask for a fee or payment to apply for financial assistance, and government employees do not charge for any recovery assistance provided.

An SBA logo on a web page does not guarantee the information is either accurate or endorsed by the SBA. Loan applicants and borrowers should be vigilant in protecting their personal information and data assets. Visit https://www.sba.gov/COVIDfraudalert to learn more about scams and fraud schemes.

If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at 800-767-0385 or online at https://www.sba.gov/COVIDfraudalert.

Loan applicants who have questions about SBA’s Economic Injury Disaster Loan program may call the Disaster Customer Service Center at 1-800-659-2955 (TTY: 1-800-877-8339) or send an email to disastercustomerservice@sba.gov.

Read More