In this time of crisis spread by the Coronavirus pandemic, the cybersecurity of people has been put to risk due to cybercriminals harnessing this chaos for malicious motives. The World Health Organization (WHO) has released a statement warning people to Beware of criminals pretending to be WHO.
Criminals are disguising themselves as WHO to steal money or sensitive information. It is advised that if you’re contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.
The World Health Organization will never ask for:
Your username or password to access safety information.
Email attachments you didn’t ask for.
You to visit a link outside of www.who.int.
Money to apply for a job, register for a conference or reserve a hotel.
Conduct lotteries or offer prizes, grants, certificates or funding through email.
The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund.Criminals are using email, websites, phone calls, text messages, and even fax messages for their scams. You can verify if communication is legit by contacting the WHO directly.
Phishing emails are being sent attempting to take advantage of the COVID-19 emergency. These “Phishing” emails appear to be from WHO and will ask you to:
Give sensitive information, such as usernames or passwords
Click a malicious link
Open a malicious attachment.
Using this method, criminals can install malware or steal sensitive information. WHO has also given some guidelines on identifying phishing emails:
Verify the sender by checking their email address
Make sure the sender has an email address such as ‘firstname.lastname@example.org’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.For example, WHO does not send email from addresses ending in ‘@who.com’, ‘@who.org’ or ‘@who-safety.org’.
Check the link before you click
Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
Be careful when providing personal information
Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
Do not rush or feel under pressure
Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
If you gave sensitive information, don’t panic
If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
If you see a scam, report it.
If you see a scam, tell WHO about them