The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.
“Criminals are disguising themselves as WHO to steal money or sensitive information,” the United Nations agency says in the Coronavirus scam alert.
“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency.”
The phishing messages are camouflaged and appear to be sent by WHO officials. The emails ask targets to share sensitive information such as usernames and passwords, redirect them through malicious links embedded in the emails to a phishing landing page, or ask them to open malicious attachments that contain malware payloads.
Defend against phishing attempts
“If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding,” says the WHO.
You can do that by following the steps detailed below:
1. Verify the sender by checking their email address — WHO sender addresses use the firstname.lastname@example.org pattern.
2. Check the link before you click — make sure the links start with https://www.who.int or enter the address manually in the browser.
3. Be careful when providing personal information — never provide your credentials to third parties, not even the WHO.
4. Do not rush or feel under pressure — don’t fall for tricks designed to pressure you into clicking links or opening attachments.
5. If you gave sensitive information, don’t panic — reset your credentials on sites where you’ve used them.
6. If you see a scam, report it at https://www.who.int/about/report_scam/en/.
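Read literally, step 2 is a prefix test, and a lookalike host can also begin with the WHO address. The following added example (not from WHO or the original article) compares the prefix test with a check on the parsed host; the sample links are constructed and use the reserved .example domain, and the function names are illustrative.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "www.who.int"  # host named in step 2 above


def naive_prefix_check(url: str) -> bool:
    """Literal reading of step 2: the text starts with the WHO address."""
    return url.strip().lower().startswith("https://" + TRUSTED_HOST)


def strict_host_check(url: str) -> bool:
    """Accept only https links whose parsed host is exactly www.who.int."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, userinfo and port removed
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False
    # "https://www.who.int@other.example/" puts the WHO name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    return host.rstrip(".") == TRUSTED_HOST


def lookalikes(urls):
    """Links that pass the prefix test but do not point at the WHO host."""
    return [u for u in urls
            if naive_prefix_check(u) and not strict_host_check(u)]


# Constructed sample links, as they might be extracted from an email body.
SAMPLE_LINKS = [
    "https://www.who.int/about/report_scam/en/",
    "HTTPS://WWW.WHO.INT/emergencies",
    "http://www.who.int/",
    "https://www.who.int.login.example/verify",
    "https://www.who.int@phish.example/",
    "https://www.who.intl.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{link:45} prefix={naive_prefix_check(link)!s:5} "
              f"strict={strict_host_check(link)}")
```

A mail gateway or reporting tool can flag anything returned by `lookalikes()`, since those are the links a reader following step 2 by eye would accept.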
WHO said on January 30, 2020, that the 2019 novel Coronavirus (now known as COVID-19) outbreak is a public health emergency of international concern.
The next day, the U.S. Health and Human Services Secretary Alex M. Azar also announced that the COVID-19 outbreak is a “public health emergency for the entire United States.”
WHO phishing campaign examples
Earlier this month, the Sophos Security Team found an example of such a phishing campaign using COVID-19 as bait and asking potential victims to “go through the attached document on security measures about coronavirus spreading.”
They were also asked to download the attachment to their computer by clicking on a “Safety Measures” button, which instead would redirect them to a compromised site that attackers use as a phishing landing page.
This phishing page loads the WHO website in a background frame and shows a pop-up in the foreground that asks the targets to search their e-mail.
When they type in their usernames and passwords and click on the “Verify” button, their credentials are exfiltrated over an unencrypted HTTP link to a server managed by the attackers, and the victims are redirected to the official WHO website — not that the phishers should worry about the data security of their victims.
Previous warnings, samples, and attacks – Coronavirus Phishing Attacks
The U.S. Federal Trade Commission (FTC) has warned of widespread spam schemes that use the current global health crisis around the Coronavirus to bait U.S. targets through phishing emails, text messages, and even social media.
Last but not least, a report published by Imperva researchers highlights how “high levels of concern around the Coronavirus are currently being used to increase the online popularity of spam campaigns designed to spread fake news and drive unsuspecting users to dubious online drug stores.”