According to the World Health Organization (WHO), cyber criminals are disguising themselves as WHO to steal money or sensitive information.
WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency, says the organization. These “Phishing” emails appear to be from WHO, and will ask users to:
- give sensitive information, such as usernames or passwords
- click a malicious link
- open a malicious attachment.
Using this method, criminals can install malware or steal sensitive information, warns the organization. WHO says the following tips can prevent a phishing attack:
- Verify the sender by checking their email address. Make sure the sender has an email address such as ‘firstname.lastname@example.org’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO. WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’ for example.
- Check the link before you click. Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
- Be careful when providing personal information. Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
- Do not rush or feel under pressure. Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic. If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
- If you see a scam, report it. If you see a scam, tell us about it.