AGENCIES, New York: Any crisis is an opportunity for criminals and as coronavirus threat looms large, the World Health Organisation has issued a notice warning people about cybercriminals posing their representatives and trying to trick people into downloading malicious software or stealing their login credentials.
The cybercriminals modus operandi is to claim to offer safety measures against coronavirus via emails, phone calls, text messages, fake websites in order to steal sensitive information from users, according to WHO.
Another report by security firm Mimecast highlights how scammers are sending phishing emails to people using similar tactics.
“Criminals are disguising themselves as WHO to steal money or sensitive information,” the WHO statement said. “If you are contacted by a person or organisation that appears to be from WHO, verify their authenticity before responding.”
WHO said that it will never ask users to login in order to view safety information or send an email attachment that they didn’t ask for in the first place. Users are warned against visiting any links other than the official http://www.who.int.
WHO said it does not conduct lotteries, charge money to apply for a job, register for a reference, or reserve a hotel. Nor is the organisation asking users to donate directly to emergency response plans or funding appeals. This is another trope that cybercriminals could use in light of the recent health emergency.
In case you receive an email, phone call, text message, or fax message claiming to be from WHO, you can directly contact the organisation to verify if the communication is legitimate.
WHO has also issued some directions on how to deal with any suspicious email, which claims to offer help or safety tips about the 2019 novel coronavirus. The global outbreak of the disease is encouraging scammers to send phishing emails, where they try and trick users into giving up important information.
In order to prevent phishing, email users should verify the email address of the sender.
Emails from WHO have the email address which reads as ‘email@example.com’ Anything other than ‘who.int’ after the ‘@’ symbol means the sender is not from WHO. The official organisation does not send emails from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’. It is also asking users to go directly to the WHO website, rather than clicking on links in emails or messages.