The World Health Organisation reports – it is under increasing attack from the cyber-criminals. The WHO is an entity that is fighting the coronavirus pandemic, trying to co-ordinate responses as much as possible, to slow the spread, to reduce the death toll from this dreadful disease.
The criminals do not care. They attack the WHO. They will attack anybody if they think there is a chance of conning , scamming money. You are a target, and you need to be very certain that you have proper, robust, resilient defences against the attack, which WILL come.
I regret using such scary terms, but trust me, you need to be aware of the threats out there.
Phishing attacks are a common way to trick people into giving away enough information
to mount an attack. The criminals will glean enough info to capture your customer list, perhaps intercept your email traffic, spoof your customers into paying YOUR latest invoice into THEIR bank account.
They are inventive and clever – WE need to be vigilant and resolute. Follow security protocols, train staff to be aware of these low-life individuals and their tactics.
The WHO also published an advisory
Beware of criminals pretending to be WHO
Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments.
These actions can reveal your user name and password, which can be used to steal money or sensitive information.
If you are contacted by a person or organization that appears to be WHO, verify their authenticity before responding.
The World Health Organization will:
- never ask for your username or password to access safety information
- never email attachments you didn’t ask for
- never ask you to visit a link outside of www.who.int
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email.
Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams.
You can verify if communication is legit by contacting WHO directly.
Phishing: malicious emails and messages appearing to be from WHO
- give sensitive information, such as usernames or passwords
- click a malicious link
- open a malicious attachment.
Using this method, criminals can install malware or steal sensitive information.
How to prevent phishing:
- Check their email address.Make sure the sender has an email address such as ‘firstname.lastname@example.org’
If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO. For example, WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’
Beware, however, that even an email address with the correct domain name may not be from WHO. Criminals can forge the “From” address on email messages to make them appear to be from ‘@who.int’. Please follow the steps from 2 to 6 below to prevent phishing.
WHO is implementing a new email security control called Domain-based Message Authentication, Reporting, and Conformance (DMARC) to prevent this type of impersonation.
- Check the link before you click. Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
- Be careful when providing personal information. Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
- Do not rush or feel under pressure. Cybercriminals use emergencies such as the coronavirus disease (COVID-19) pandemic to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic. If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
- If you see a scam, report it. If you see a scam, tell us about it.