Another round of lending for the Paycheck Protection Program (PPP) has begun. With it comes a lifeline for many small businesses that are struggling through the economic impacts of the pandemic alongside a few issues business owners should stay aware of in regard to cyber security.
Threat actors are often driven by two main motivating factors – easy opportunity and access to substantial amounts of money. The vast amount of government funding available through the PPP has led to both. An additional $284 billion has recently been allocated to the 2nd round of the PPP for businesses in need. This is on top of the nearly $600 billion that was available through the first round of funding.
Since there has been a rush to get this money into the accounts of businesses who direly need it, the application and approval processes have been rushed. Quick approval of a large loan is of great benefit to a struggling small business, but it also opened the doors for potential fraud and some familiar scams specifically targeting PPP money.
The majority of what we’ve all read about PPP fraud involves crooked business owners applying for and receiving substantial amounts of money that they don’t actually need. A recent report by the SBA Inspector General highlights this and notes that around $3.6 billion in funding was sent to businesses and owners that swindled the system for quick cash.
Headlines across the country have demonstrated examples of owners using funds for buying new cars, houses, or other extravagant expenses unrelated to any sort of vital business activity the loan money was intended for. This news is appalling to all of the well-intentioned, hard-working business owners out there who are struggling to keep staff employed and their ventures afloat.
The SBA has adapted and will include some safeguards into this latest round of funding, including a No Pay List (outlined in the report linked above) which indicates over 50,000 businesses that received ineligible funding last year and will not be eligible to borrow again as a result.
PPP-Related Business Identity Threats
These instances of PPP funds essentially being stolen and kept out of the hands of businesses that truly need them show examples of more traditional fraud. But although they don’t receive as much attention in the press, there are other cyberthreats surrounding the situation as well. Understanding this possibility and staying informed can help prevent your business from additional difficulties during these trying times.
Business identity theft has been prevalent over the course of PPP lending and will continue to be a threat for as long as funds are still available. Criminals can gain access to money by creating a fake application using the identifying information of a real business. They may also create a synthetic identity which uses a combination or real and fake information that will allow them to apply for a loan. If your business’s information happens to be used in either of these varieties of the same scam, it may prevent you from securing a legitimate PPP loan and pose ongoing security threats.
An obvious red flag to watch out for which indicates that your business identity may have been stolen and used to apply for funding is a letter from the SBA relating to your PPP or EIDL loan. If you haven’t applied for either of these loans and yet you do receive notification making it seem like you may have, there is a decent chance someone has submitted a fraudulent application using your business’ personal information.
If you receive one of these letters and suspect that you might be a victim of fraud, you should immediately reach out to the SBA to notify them and find out if an application was filed without your knowledge. You should also contact any lender listed on the document to notify them of the issues as well.
Reviewing your credit report to see if the SBA ran a check on your business can also point to signs of fraud. Not all PPP loans required a credit check, so this isn’t a failsafe to rule out business identity theft entirely. Having identity theft restoration services in place can help monitor this type of data breach and the many other threats that exist to your business.
Familiar Forms of Fraud Persist
In addition to the direct use of personal information to apply for a fraudulent PPP loan, there are other familiar threats to be on the lookout for. Threat actors will prey on the fears of business owners and create opportunity made possible due to the time-sensitive nature of available funding.
A phone call from a supposed PPP loan broker who offers their services for a substantial fee to help you secure funding is a scam to be aware of. If this call is completely unsolicited you can be sure it’s fake. You should use the services of your accountant or a direct relationship with a lender instead of any sort of broker who charges a fee as you begin the application process.
Phishing attacks are also prevalent and are intended to gain access to your business’s PII by imitating official correspondence from the SBA. You may receive an official looking email from the SBA that is nothing more than an attempt to secure your information. If your application for a PPP loan is in-progress and you see one of these emails appear, make certain that it is indeed from the SBA and not from a scammer. Double check that your application number aligns with any referenced information in the email. If you feel like anything is suspect, there’s a good chance it is. Also, never click on any links or attachments in these types of emails because they could contain ransomware or malware onto find its way onto your device.
You can report suspected PPP fraud directly to the SBA here.
Here are a few resources to help you learn about and begin applying for a PPP loan. While you should always be aware of the scams and potential fraud outlined in this post, don’t let those fears keep you from applying for the funding and assistance that your business deserves as we all push through these challenging times.
LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now is the time to get data breach planning and a response program in place with our LibertyID for Small Business data breach preparation program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service – at a fraction of our retail price – with no enrollment and no file sharing. We have no direct communication with your group members – until they need us.
Call us now for a now obligation proposal at 844-44-LIBERTY (844) 445-4237