Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disaster relief loans or provide application status following the impact of the ongoing COVID-19 pandemic, ultimately deliver malware to those who open the attachments. These emails may coincide with a notification from the SBA regarding some small business loan applicants who potentially had their personally identifiable information (PII) exposed, possibly being used by cybercriminals to compose target lists.