Cyber Threat Report: Small Business Facebook Grant Scams

Cybercriminals went to work as soon as Facebook announced that it would be offering $100 million in grants to small businesses that are being affected by the Covid-19 crisis.

Scammers went as far as creating a bogus CNBC article to lure business owners into clicking on a link to a malicious website. The site solicited the user’s Facebook credentials and sensitive information including address, social security number, and a scan of your ID.

With this information at their fingertips, these cybercriminals can steal your identity, ruin your reputation, and put your business at risk. Even with the blatant grammar mistakes and fishy URL, unfortunately, many people fell victim to this scam.

If you’d like to read more about this scam, click here.

If you’d like to read more about the Facebook Small Business Grants Program, click here.

We can’t stress enough how important it is to stay vigilant when on the internet and hyper-aware of what you click on. You’re just as likely to come across a phishing scam on social media as you are in an email.

As a reminder, here are some tell-tale signs of a phishing scam:

  • Is the email or website asking for sensitive information? Legitimate companies do not request passwords, credit card information, credit scores, etc., via emails. Chances are if you get an email or form asking for any of this information, especially when it’s unsolicited, it’s a scam.
  • Is the email addressing you by your name? If the email addresses you as ‘valued member’, ‘account member’, ‘customer’, it’s probably a phishing email. Legitimate companies have your information and will address you by your name.
  • Double-check the domain name! Check the email address by hovering your mouse over the ‘from’ address and go through letter by letter, number by number, to make sure there were no alterations. Also, look for public email domain names… no legitimate company is going to contact you via a ‘’.
  • How is the grammar? An email received by a legitimate company will be well written. If there are multiple misspellings and grammatical errors, then it’s most likely a phishing email.
  • Be wary of links! Always hover over the link with your mouse to see the website before you click the link. Also, as a heads up, some cybercriminals will create phishing emails that are coded entirely as a hyperlink – be careful not to click!
  • Is there an attachment? If you receive an unsolicited email with an attachment, be wary as it could contain a virus or malware. Be on the lookout for high risk file types including: .exe, .com, .scr, and .zip. If you have even the slightest inkling something is off, contact that company via phone to confirm legitimacy.
  • Is there a sense of urgency? Many cybercriminals will ask you to ‘act now or else’ hoping you’ll click on the link or download the attachment without checking for the legitimacy of the email. This is especially effective in the workplace.


4332 Wheeler Road #105, Augusta GA 30907


Follow your Augusta IT Guys on FacebookTwitterInstagram, and Linkedin