Scams such as these are, unfortunately, a part of everyday business with the current global situation. There are some simple things that can be done to reduce the chances of getting scammed. Always check the sender’s email address. In this particular case, the sender’s domain is manynations[.]com. The fake login page is hosted at hotelmerina[.]com. If the domain is not known or trusted, then the recipient should verify the address before clicking any link or downloading any files. If a malicious domain is found, IT security staff should search for any similar messages sent to other employees, and investigate web proxy logs to determine if any other employee visited the fake login page. Implementing Multi-Factor Authentication (MFA) for Office 365 accounts is an excellent way to protect employee accounts from compromise even if their password is stolen. If the password for Office 365 is the same as the password used to remotely log in to the corporate network through remote desktop or a VPN, attackers may also try to use stolen login credentials to access workstations or servers. Services such as the Binary Defense Security Operations Center can also provide 24-hour a day monitoring service that will detect and defend a company’s endpoints before an attacker has a chance to do any damage.

To read more: https://www.bleepingcomputer.com/news/security/phishing-attacks-target-us-payroll-protection-program-loans/