

Recent attacks use phishing emails to impersonate the U.S. Small Business Administration (SBA) and rely on Google Forms to host phishing pages that steal the personal details of business owners.

COVID-19-themed phishing campaigns are not unheard of in the U.S., but this time the attack is actually based on a legitimate financial recovery program the SBA ran in the past. It is worth mentioning that no such initiatives are being officially implemented at the moment.

Fake Grants, Real Threat

The phishing emails lure their recipients with grants for pandemic financial support programs like the “Paycheck Protection Program”, “Revitalization Fund”, and “COVID Economic Injury Disaster Loan”, which they can apply for by filling out a form.

According to INKY, once the link is clicked and the victim is directed to Google Forms, the questions are designed to extract users' personally identifiable information (PII) and include EIN, SSN, driver’s license details, and bank account information.


Upon a Closer Look

BleepingComputer explains that phishing actors take advantage of the free hosting, encrypted data traffic, and brand recognition and trustworthiness that come with legitimate Software-as-a-Service (SaaS) platforms. Google Forms is no exception: in this particular instance, the service has become a victim of a credential harvesting and brand impersonation scheme.

First of all, business owners should keep in mind that the SBA would never request such information be submitted by means of Google Forms, but rather directly on its site. Also, as mentioned at the beginning of this article, the organization is no longer accepting applications to its COVID-19 relief loan and grant programs.

Next, as BleepingComputer notes, business owners are advised to remain vigilant, treat all incoming messages offering financial support with suspicion, and check sender details. In this case, the phishing email content is full of grammatical errors that should raise questions about its origin. Additionally, the use of all caps in “GRANT MONEY” feels and looks unprofessional.
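
The checks described above (sender details, a Google Forms link where the SBA's own site would be expected, and the grant wording) can be combined into a simple mail triage rule. This is an added example, not code from INKY, BleepingComputer or the SBA; the `sba.gov` domain, the indicator names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Lure phrases quoted in the article (program names and the all-caps phrase).
LURES = ("paycheck protection program", "revitalization fund",
         "economic injury disaster loan", "grant money")
SBA_DOMAIN = "sba.gov"  # assumption: the SBA's official domain
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def is_google_form(url):
    """True for docs.google.com/forms/... links and forms.gle short links."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    return host == "forms.gle" or (host == "docs.google.com" and u.path.startswith("/forms/"))

def triage(raw):
    """Return the list of indicators found in one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    claims_sba = bool(re.search(r"\bsba\b|small business administration",
                                f"{display}\n{text}".lower()))
    on_sba = domain == SBA_DOMAIN or domain.endswith("." + SBA_DOMAIN)
    findings = []
    if claims_sba and not on_sba:   # brand named, but the mail is not from the SBA domain
        findings.append("claims-sba-from-non-sba-domain")
    if any(is_google_form(u) for u in URL_RE.findall(body)):
        findings.append("google-forms-link")
    if any(lure in text for lure in LURES):
        findings.append("grant-lure")
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH = """From: "SBA Grants Office" <grants@sba-relief.example>
Subject: GRANT MONEY available for you business

You qualifies for the Paycheck Protection Program. Apply here:
https://docs.google.com/forms/d/e/EXAMPLE-FORM-ID/viewform
"""
SURVEY = """From: "Vendor News" <news@vendor.example>
Subject: Customer survey

Tell us how we did: https://forms.gle/EXAMPLEID
"""
```

A Google Forms link on its own is common in legitimate mail, which is why the second sample yields only one indicator; the combination of all three is what matches the campaign described here.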


Author Profile

Mihaela Popa


Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.
