Security & Fraud

Phishing Scams Target SMBs Seeking COVID Aid

Phishing Scams Target SMBs Seeking COVID Aid

The COVID-19 pandemic, like other disasters, has created a playground for cybercriminals. reports that the Coronavirus Aid, Relief and Economic Security (CARES) Act has triggered the latest round of scams. 

The information security and technology news publication said tricksters, trying to take advantage of vulnerable Americans, have been sending out emails impersonating the Small Business Association's (SBA) Payment Protection Program (PPP).

The fraudsters’ mission is to lure recipients with financial relief options. The phishing expedition, as explained by, requests the recipient’s signature for PPP documents. Clicking on the link directs users to a page that looks like the authentic Microsoft Office 365 login web page and tries to pilfer the recipient's corporate credentials. Victims who provide their email login information would be put their sensitive information at risk, the report said.

IBM X-Force has released a study showing that since the World Health Organization (WHO) declared the COVID-19 pandemic last month, there has been a more than 6,000 percent increase in coronavirus-related spam, according to The survey said that 35 percent of respondents expect to hear communication from the IRS by email, despite years of warnings from the IRS and law enforcement agencies that the tax agency will never email an individual about their tax filing.

Only 14 percent of small business owners say they are very knowledgeable about how to access the SBA’s loan relief program, despite continuous guidance offered by government officials.

More than half of respondents said they would click on links or open attachments in emails about their stimulus check eligibility or COVID-19 testing. 

Another scam attempts to collect online banking account information. Recipients are asked to click a link displaying the Federal Emergency Management Agency (FEMA) and Centers for Disease Control and Preventio‌n (CDC) logos. These convincing sites promise stimulus payments of up to $1,200 or $2,400 for couples, plus $500 per child for parents, just like the real government program provides, the report said.

If recipients choose to get the “economic impact payment,” they see a drop-down menu with a list of two dozen banks, and then enter their banking info, which is sent to the attacker.

Anti-phishing company INKY said these schemes are among the most sophisticated-looking they’ve seen. said that given the pandemic, these threats will not soon disappear, and that users should exercise caution when receiving messages that promise economic relief.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.