August 14, 2020
The federal Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on August 12, 2020 that some person or group as yet unidentified is attempting to divert individuals from the real Small Business Administration website on COVID-19 relief to a fraudulent site.
The public alert described findings that visitors are re-directed to the fraudulent site and targeted for their login credentials or are re-directed to other fraudulent websites. Phishing emails apparently are the major means the hacker uses to engage with potential victims.
Pawnbrokers, as you all know, are subject to the Safeguards Rule the Federal Trade Commission promulgated to implement part of the Privacy provisions of the Gramm-Leach-Bliley Act almost 20 years ago. Your customers’ nonpublic personal information must be protected from interception, including through phishing attacks on your databases or your vendors’ databases.
CISA’s public alert “Alert (AA20-225A)” is at https://us-cert.cisa.gov/ncas/alerts/aa20-225a, and warns against responding to any emails or messages that try to re-direct you to an SBA COVID-19 loan relief website. CISA recommends that users seeking information from the SBA access the SBA directly, using their website (www.sba.gov).
The Alert also describes the hacker’s method of operation: the subject line of the emails reads “SBA Application—Review and Proceed,” and the sender’s name suggests a connection to the SBA that does not exist. The Alert also provides information about the hyperlink that the hacker urges potential victims to visit. Do NOT click on or type that hyperlink: it is very aggressive.
If you have questions, please email email@example.com.
This GRC Update is not intended and should not be construed as legal advice to NPA members.
Members should consult their own lawyers for legal advice.
Copyright © National Pawnbrokers Association 2020. All rights reserved.