This is from a US-based law firm. The same sort of activities are being targeted at businesses on this side of the Atlantic, though I haven’t heard of any breach in the last few years at HMRC that would enable an attacker to identify applicants here in the UK for any of the government programs. For example, I have used the JBR/furlough scheme so have had email from HMRC, though I haven’t clicked on any links without first checking where they lead…:
Cybersecurity threat actors are targeting information of businesses seeking assistance during this time of crisis. For example, last week the Small Business Administration (SBA) reported a suspected data breach, affecting close to 8,000 applicants to the Economic Injury Disaster Loan Program. The SBA said that the personal information of more than 7,913 business owners who applied for disaster loans was possibly seen by other applicants. The data breach comes as the SBA is grappling with a sharp increase in phishing emails that are using the SBA’s name claiming to offer relief for small businesses. Currently, the SBA is unable to accept new applications for the Economic Injury Disaster Loan, based on available appropriations funding.
The FBI has warned of increased cyberattacks and fraud schemes related to COVID-19. Business email compromise is also anticipated to rise as a result of the pandemic, with more than 1200 complaints already reported to the FBI related to COVID-19 fraud. As companies have shifted to remote work, they should adopt heightened cybersecurity protections, as suggested by the FBI: