The Small Business Administration (SBA) created two loan programs for businesses to take advantage of in order to weather the Covid-19 pandemic, the Economic Injury Disaster Loans (EIDL) and Paycheck Protection Program (PPP). Now, the SBA is urging disaster loan applicants to be on alert to phishing campaigns and scams. Malicious actors are impersonating the SBA and its Office of Disaster Assistance to collect personally identifiable information for fraudulent purposes.
Of great concern are applicants of EIDL who are being targeted and asked to verify their accounts using a third-party online platform to collect personally identifiable information (this includes; full name, date of birth, social security number, address, phone numbers, email addresses, case numbers). SBA is urging applicants to watch out for phony emails asking for information:
- Any email communication from the SBA will come from email accounts ending in gov, and nothing more.
- Look out for emails that use the SBA logo in their phishing emails and phony schemes.
Furthermore, the Small Business Administration will never use a third-party platform to:
- Actively seek personally identifiable information
- Search a third-party platform for or by personally identifiable information.
- “Follow” public users proactively without a waiver.
There are also scams in which people claiming to be federal agents charging applicants fees for processing loan applications. GOVERNMENT EMPLOYEES DO NOT CHARGE FEES FOR ANY ASSISTANCE THEY PROVIDE.
EIDL funding ended in July as the $20 billion allotted by Congress was disbursed. PPP ended in August. It is possible that these programs will reopen as part of a new round of federal stimulus but that is not imminent.
Always be vigilant in protecting your personal information and data assets. If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at 800-767-0385 or online at https://www.sba.gov/COVIDfraudalert.