Insights

Picture of Kyle Werkmeister

Recently Old National became aware of a phishing email that attempts to take advantage of businesses who have borrowed through the Small Business Administration (SBA), specifically for an Economic Injury Disaster Loan (EIDL). While this particular email does not mention Paycheck Protection Program (PPP) loans, there is no doubt that scammers could try to use that SBA program to their advantage as well.

The phishing email purports to be from a customer service account for the SBA and asks recipients to review an EIDL application. If they take the bait, it then directs them to a spoofed (fake) SBA web page. The spoofed SBA EIDL page has a log in that may appear real, but inputting information enables the cyber actor to use it for malicious re-directs and credential stealing.

Red flags to identify the EIDL phishing email

The actual email that was brought to our attention includes the following:

  • Subject line - SBA Application – Review and Proceed
  • Sender could be marked as - disastercustomerservice@sba [.] gov
  • Text in the email body urges the recipient to click on a hyperlink to an address that may contain “. . ./gov/covid19relief/sba.gov

Keep in mind that scam artists are clever and constantly change their approach. As the phishing campaign continues, the above details from the email could change, so be alert.

How do scam artists know what businesses to target?

They don't. But with so many businesses taking advantage of SBA loans during the COVID-19 crisis, these cyber actors know that sending emails to random businesses will enable them to eventually find an SBA borrower who just might fall for their ploy.

At Old National, we helped many clients take advantage of PPP loans, and while they were not the target of this phishing email, we know that could change. This particular email pertained to small businesses that applied directly with the SBA through the EIDL program.

Because we know the tactics of fraudsters constantly change, we want to create awareness about this threat, not only for our own clients but also for all businesses. Old National is committed to keeping our communities safe from financial fraud, and we are especially concerned about businesses being victimized when they are already dealing with the challenges of COVID-19.

What can you do to avoid being a victim?

There are a number of best practices that we recommend for businesses at all times.

  • Be alert for questionable senders when you receive emails
  • Never click suspicious links in an email
  • Be wary of threatening or urgent messages trying to get you to take action immediately.
  • When in doubt, call your Old National contact directly (or the contact at your bank) to confirm legitimacy by calling a previously known, verified phone number and not what the sender included in the email.

Finally, if you are an Old National client, be aware that any information concerning your SBA loan through us will come from your established Old National Relationship Manager. Always reach out to your Relationship Manager if you have questions or concerns.

Read the full Department of Homeland Security alert.


More ways to secure your information

Our online security center provides additional actions you can take to protect your company from financial fraud.




Kyle is a Senior Analyst with Old National’s Information Security team, responsible for protecting the bank and its clients from cybersecurity risks. He joined Old National in 2005 and has worked in various compliance, security and third-party due diligence roles.


This content is not intended to provide legal, tax, accounting, financial or investment advice or indicate the suitability of any product or service for your unique circumstances. You are encouraged to consult with a qualified legal, tax, accounting, financial or investment professional based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
Back to top