New Phishing Scam Uses Fake PPP Loans to Trick Victims into Giving Up Personal Information

Paycheck Protection Program Phishing ScamTaking advantage of people’s need for financial assistance, these scammers pose as a bank offering “forgivable business loans to individuals impacted by the pandemic.”

Nothing says low life more than someone who purposely targets those who are already down and out. Those responsible for a new scam identified by the security researchers at Abnormal Security are the lowest of the low – running a scam essentially promising free money to those that are in need.

In this scam, thousands of potential victims were sent an email impersonating an SBA Lender “World Trade Finance” informing the recipient that the Paycheck Protection Program has been extended and they are now taking applications for new forgivable loans.

Those interested click a link that takes them to a legitimate Office 365 form that appears legitimate:


Victims are asked for every piece of personal information including name, birthdate, and social security number – along with other business details to make the form seem legitimate.

There were some telltale signs that this was a scam to begin with:

  • The email is sent to ‘’, a domain obviously not associated with the government.
  • It appears the actual recipient must have been blind cc’d
  • The link goes to an Office 365 form and not something embedded in the business’ actual website
  • While there is a ‘World Trade Finance’ that is an SBA lender, a quick look up of the lender and a comparison to the address provided in the email would result in a mismatch.

Users can easily avoid becoming the victim of such scams once they look at email and web content through a scrutinizing lens. This only comes through continual Security Awareness Training that educates users on what to look for, the types of scams that occur, and how to keep a vigilant mindset while working.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews