In August 2020, the US-CERT Cybersecurity & Infrastructure Security Agency published an alert regarding a malicious actor using COVID-19 as an opportunity for phishing and compromising credentials. The bad actor was sending a phishing email with a link to a spoofed version of the COVID-19 loan relief webpage. As usual, malicious actors are ruthless but clever. 

As many organizations continue to focus on managing the operational effects of COVID-19, training over targeted phishing attacks may not be as high on the priority list. However, as we learned in the 2020 State of Cybersecurity survey, almost 80% of respondents believe their cybersecurity training directly reduces the risk of cybersecurity incidents. So, testing employees over timely with realistic scenarios, as well as providing follow-up training can give your team the tools they need to manage the real thing.  

We highly recommend you take this opportunity to test your employees with culturally relevant phishing tests, like the recent COVID-19 scam, to keep them vigilant against phishing attacks. 

If you are subscribed to our Tandem Phishing product or would like to have a free trial (see below for details), you can set up a campaign today designed specifically to verify employee preparedness for this scam. Some characteristics of this template include the use of: 

  • An unfamiliar sender. 
  • The same subject as the official phishing scam ("SBA Application – Review and Proceed"). 
  • A variation on the SBA name and branding (i.e., "Small Business Association" instead of "Small Business Administration"). 
  • The employee's first name in the email body, for spear phishing. 
  • Multiple links in the email body and footer to offer multiple click opportunities. 
  • A matching landing page form, to take the test a step further in verifying an employee's preparedness. 

  Message Template                                     Landing Page


Are your employees ready? 

To send this test to your employees, sign in to your Tandem Phishing account and create a campaign – or – if you are not a current Tandem Phishing customer, send an email to to request a free trial. The free trial will give you full access to test your employees with this message and more for no cost.