On August 12, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) reported an unknown malicious cyber actor sending phishing emails purporting to be from the Small Business Administration (SBA) concerning COVID-19 loan relief and containing a malicious link to a spoofed SBA website that is being used for re-directs and credentials harvesting. The report includes some recommended mitigation measures that businesses, organizations and government agencies should consider. While the report only focuses on one specific phishing scheme, it serves as an important reminder to all businesses, organizations and agencies that malicious actors see the same developments the rest of us see on the business and political fronts, and they’ll work tirelessly to take advantage of the “opportunities” created by those developments. It’s also an important reminder for businesses, organizations and agencies to stay informed of the ever-changing cyber threat environment, to regularly train employees on potential threats and how to handle them, and to foster a security-minded culture where employees understand that “security is everyone’s responsibility.”