Return to Insights

SBA related phishing attempts are on the rise

Profile Photo Placeholder icon

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. With Small Business Administration (SBA) loans top-of-mind among small business owners right now, especially related to the Paycheck Protection Program (PPP), these cyber-crooks are now seizing on that news to carry out their schemes.

There are reports of PPP applicants across the country receiving fake correspondence from the SBA, which are actually phishing attempts by fraudsters. Some of these fraud attempts take the shape of phishing emails enticing you to share personal data such as a Social Security Number, credit card number or account details. Others will try to lure you into clicking a link or opening an attachment, so they can infect your computer with malicious software. These emails may look legitimate and even include the SBA logo, as scammers have become increasingly sophisticated. 

Here are some tips and reminders for protecting your information:

  • Communicate directly with your banker. Remember that all correspondence regarding your SBA PPP application will be through your banker. The SBA will not contact you directly. 
  • Validate the sender. Double-check every email address for validity before clicking a link or opening an attachment. You may need to hover or right-click on the sender information to see a full email string. Often-times, phishing emails will be very close to a legitimate email address, but with just one character changed or transposed.
  • Be wary of links and attachments. If in doubt, make a personal phone call to the original sender - such as your banker - to validate that they sent you the email and attachments. Don't click a link or open an attachment from someone you don't know. And remember, the SBA will not contact you directly during the PPP application process. 
  • Go straight to the source. Just because a website or an email contain the SBA logo, does not necessarily make it legitimate. Fraudsters often use legitimate logos on their own pages. If you need to visit the SBA website for information, we recommend going directly to rather than clicking on links received via email. 

With these simple steps, you can go a long way toward protecting your personal and business account information and keep your systems secure. For additional security resources, including online and mobile security tips and steps for reporting fraud, visit our Security Center on

Profile Photo Placeholder icon

About Sana Shahid

Sana joined Bremer Bank in 2018 initially as an Information Security intern, and has steadily held additional responsibility across third-party risk management and cybersecurity. After achieving her bachelor's degree in Accounting and Finance, Sana found her passion at the intersection of data and technology. This led her to pursue her Master's degree in Computer and Information Systems Security and Information Assurance from St. Cloud State University, where she graduated in 2018, and to attain a graduate certification in data analytics.  Sana is active in the field of cybersecurity, and holds additional certifications from SANS Institute and Cofense PhishMe.  )

More on Sana