Coronavirus Phishing Attacks

The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.

“Criminals are disguising themselves as WHO to steal money or sensitive information,” the United Nations agency says in the Coronavirus scam alert.

“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency.”

The phishing messages are camouflaged and appear to be sent by WHO officials. The emails ask targets to share sensitive information such as usernames and passwords, redirect them through malicious links embedded in the emails to a phishing landing page, or ask them to open malicious attachments that contain malware payloads.

Defend against phishing attempts

“If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding,” says the WHO.

You can do that by following the steps detailed below:

1. Verify the sender by checking their email address — WHO sender addresses use the person@who.int pattern.
2. Check the link before you click — make sure the links start with https://www.who.int or enter the address manually in the browser.
3. Be careful when providing personal information — never provide your credentials to third parties, not even the WHO.
4. Do not rush or feel under pressure — don’t fall for tricks designed to pressure you into clicking links or opening attachments.
5. If you gave sensitive information, don’t panic — reset your credentials on the sites where you’ve used them.
6. If you see a scam, report it at https://www.who.int/about/report_scam/en/.
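
Steps 1 and 2 expressed as checks, as an added example that is not from WHO or the original article: it parses the real address out of the From header and the real host out of each link, because a plain "starts with https://www.who.int" test also accepts a host such as www.who.int.example.net. The sample message and its example.net hosts are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: WHO Alerts <alerts@who.int.example.net>
Subject: Safety measures
Content-Type: text/html

<a href="https://www.who.int/about/report_scam/en/">Report</a>
<a href="https://www.who.int.example.net/safety">Safety Measures</a>
<a href="https://www.who.int@login.example.net/">Verify</a>
<a href="http://www.who.int/">WHO</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def sender_is_who(from_header):
    # Step 1: ignore the display name, compare the domain after the last "@".
    _, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    return bool(local) and domain.lower() == "who.int"

def link_is_who(url):
    # Step 2: require https and an exact host match. urlsplit().hostname
    # drops userinfo ("www.who.int@host") and is not fooled by a prefix.
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname == "www.who.int"

def check_message(raw):
    """Return findings for a single-part HTML message."""
    msg = message_from_string(raw)
    findings = []
    if not sender_is_who(msg.get("From", "")):
        findings.append("sender: " + msg.get("From", ""))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings += ["link: " + h for h in collector.hrefs if not link_is_who(h)]
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A From header that passes this check is not proof of origin, since the header itself can be forged; treat the result as a first filter only.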

WHO said on January 30, 2020, that the 2019 novel Coronavirus (now known as COVID-19) outbreak is a public health emergency of international concern.

The next day, U.S. Health and Human Services Secretary Alex M. Azar also announced that the COVID-19 outbreak is a “public health emergency for the entire United States.”

Figure: COVID-19 distribution

WHO phishing campaign examples

Earlier this month, the Sophos Security Team found an example of such a phishing campaign using COVID-19 as bait and asking potential victims to “go through the attached document on security measures about coronavirus spreading.”

They were also asked to download the attachment to their computer by clicking on a “Safety Measures” button, which instead would redirect them to a compromised site that attackers use as a phishing landing page.

This phishing page loads the WHO website in a background frame and shows a pop-up in the foreground that asks the targets to search their e-mail.

Figure: Coronavirus phishing attack campaign (source: BleepingComputer)

When they type in their usernames and passwords and click the “Verify” button, their credentials are exfiltrated over an unencrypted HTTP connection to a server managed by the attackers, and the victims are then redirected to the official WHO website (not that the phishers would worry about the data security of their victims).

Previous warnings, samples, and attacks – Coronavirus Phishing Attacks

The U.S. Federal Trade Commission (FTC) has warned of widespread spam schemes that use the current global Coronavirus health crisis to bait U.S. targets through phishing emails, text messages, and even social media.

The security research team MalwareHunterTeam also shared malware samples containing Coronavirus references, among them a Remote Access Trojan (RAT), a Trojan, a stealer/keylogger, and a wiper.

Last but not least, a report published by Imperva researchers highlights how “high levels of concern around the Coronavirus are currently being used to increase the online popularity of spam campaigns designed to spread fake news and drive unsuspecting users to dubious online drug stores.”