small business loan form
CEO Fraud Alert Due to SMB CARES Act Loans and COVID-19 Phishing Scams
Richard Smotherman | Minute Read

Even though $205 billion of the $350 billion CARES Act PPP loans have already been claimed, prepare for the phishing frenzy that is still to come. According to The American Bankers Association, only some small-business owners have received their PPP funds.

A significant majority of small business organizations are still looking for a bank or are paused somewhere in their bank’s application or funding process.

Funding of these Paycheck Protection loans is expected to increase significantly over the next few weeks as banks who started taking applications early, are now moving on to the loan document and funding process.

This means that cyber related Advanced Persistent Threats and phishing email scams will increase. Refer to Alert AA20-099A, by U.S. Department of Homeland Security for a detailed summary of reported COVID-19 scams in the wild now.


Banks have held up these loans awaiting more clarity on loan guarantees and regulations. More importantly, banks are concerned about fraud, as banks claim the PPP loans don’t require the usual amount of background information or creditworthiness that come with conventional loan applications.

Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware. APT groups and cyber criminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months.

Threats observed include:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure,
  • Malware distribution, using coronavirus- or COVID-19- themed lures,
  • Registration of new domain names containing wording related to coronavirus or COVID-19, and
  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.

Employees should be on guard, specifically anyone that deals with finances. Accounting personnel and executives should watch out for sophisticated and believable CEO Fraud attempts, emails asking for wire transfer of funds that appear to be from an executive within your company. Or emails that impersonate government or financial institutions.

This is a good time to practice using extra security layers.  Such as verification of all large financial transactions, with multi-level validation, a simple phone call before sending anything.

A concerned citizen, and client of Abacode messaged us to share their observations regarding increased cyber threats as a public service announcement regarding PPP Loans:

“There is such a frenzy I would think the click/open rate would be very high. And that’s all we need right now is another virus to deal with.”

They work with a leading global advisory firm that specializes in financial and healthcare institutions.

Please, think before you click!  Train yourselves, your employees about the #1 cybersecurity threat to your organization, phishing emails designed to trick your employees for financial gain.

Experts suggest that preparation is key, and not expect that “if” someone clicks on an email, but rather “when” they do. What will you do?

Is your organization prepared to detect and respond to such threats in real time?

Abacode is prepared to help your organization assess the health of your network security and defend against cyber threats 24/7/365.                               1(866) 596-9020