World Health Organization Warns of Coronavirus (COVID-19) Phishing Attacks

Posted on March 13, 2020

The World Health Organization (WHO) warns of ongoing coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.

The phishing messages are often camouflaged to appear as being sent by WHO officials and ask the targets to share sensitive information like username and passwords, redirect them to a phishing landing page via malicious links embedded in emails, or ask them to open malicious attachments containing malware payloads.

Two things to know:

  • No one should receive phone calls from a public health agency regarding COVID-19.
  • If you are contacted by email by a person or organization that appears to be from WHO, verify their authenticity before responding. You can do that by following these steps:
        1. Verify the sender by checking their email address – WHO sender addresses use the person@who.int pattern
        2. Check the link before clicking – make sure it starts with https://www.who.int
        3. Be careful when providing personal information – never provide your credentials to third parties, not even WHO
        4. Do not rush or feel under pressure – don’t fall for tricks designed to pressure you into clicking links or opening attachments

An example of a phishing campaign using COVID-19 as bait is asking potential victims to “go through the attached document on safety measures regarding the spreading of coronavirus.” The victim is asked to download the attachment to their computer by clicking on a “Safety Measures” button that would instead redirect them to a compromised site the attackers use as a phishing landing page.

The phishing page loads the WHO website in a frame in the background and displays a pop-up in the foreground asking the targets to verify their email. Once they enter their usernames and password and click the “Verify” button, their credentials will be sent to a server controlled by the attackers and redirect them to WHO’s official website.

The U.S. Federal Trade Commission (FTC) also warned about ongoing scam campaigns using the current coronavirus to bait targets from the United States via phishing emails, text messages, and even social media.

Several phishing campaigns using coronavirus lures have been targeting individuals from the United States while impersonating U.S. Centers for Disease Control and Prevention (CDC) officials and virologists, warning of new infections in the victims’ area and providing “safety measures.”

You can go to https://www.bleepingcomputer.com/news/security/world-health-organization- warns-of-coronavirus-phishing-attacks/ and see the full article about these phishing campaigns.

Be vigilant to email communications in relation to staying safe and protected from the coronavirus.