COVID-19-themed phishing messages are once again spiking in the U.S. following a prolonged summer hiatus that appears to be over. According to a report by email security company INKY, the malspam volumes have doubled in September compared to the previous three months and are set to rise even more. In the latest attacks, phishing emails impersonate the U.S. Small Business Administration (SBA) and abuse Google Forms to host phishing pages that steal the personal details of business owners. The SBA ran COVID-19 financial recovery programs in the past, which adds legitimacy to the campaign, especially for previous beneficiaries. However, the organization is currently not running any similar initiatives. The lures used in the phishing emails are for pandemic financial support programs like the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan.” The emails entice recipients to apply for the program by clicking on an embedded button that takes them to a Google Forms page. Abusing form builders is a common tactic for phishers, who take advantage of the free hosting, encrypted data traffic, and brand recognition and trustworthiness that come with them. The phishing forms mimic the content SBA used in legitimate support programs, requesting the applicants to enter much of the same information. This includes their Google account credentials, SSNs, EINs, State ID and driver’s license details, and bank account number. Clicking on “Submit” siphons all data to the crooks while displaying a reassuring “Your response has been recorded” message.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in