Ever since the Novel Coronavirus broke out, adversaries are crafting their own techniques to cash out the havoc it’s causing. Several malware groups are attacking virus-vulnerable users under them of Coronavirus, and stealing information from them eventually. WHO warned the public about this, as adversaries are leveraging WHO tag to perform their actions.
Under the name of the reputed organization
Work Health Organization (WHO) is a specific wing of UN, that tracks the world health. The organization is now warning the public to be aware of phishing scams that scammers are actively doing. Here, users feared of Coronavirus outbreak are sent emails that contain malicious attachments for downloading malware, links to phishing sites to steal credentials etc. Some would even ask to donate directly to an account, all under the name of WHO.
This made WHO to release a press statement alerting users in wild as;
- never ask you to log in to view safety information
- never email attachments you didn’t ask for
- never ask you to visit a link outside of www.who.int
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email
- never ask you to donate directly to emergency response plans or funding appeals.
WHO has already declared the Coronavirus as a global health emergency (COVID-19). And is alerting everyone to take needed precautions to avoid being infected. With respect to online scams, it has set up a reporting page so that users can report any suspicious acts on its name.
Suspicious links and attachments
Here, the attacking campaign would go as sending emails to users and asking them to download the attachment, where they claim to have said Safety Measures against Coronavirus or asking them to verify their email by entering username and password on a pop-up created for stealing credentials.
Aside from WHO, there are several government departments and CyberSecurity firms alerted users about such phishing scams in the wild. US FTC previously warned about suspicious emails, texts, etc. UK’s CDC to has warned about impersonating methods. Security firms as Malware Hunter, Imperva and Sophos to have warned users of such phishing schemes.