Coronavirus – Explosion in Scams and Phishing Attempts

Both the FBI and the FTC are investigating a huge rise in the amount of scam and phishing emails, particularly scams related to coronavirus and fake cures or medication in the US. It is likely that the rise is true worldwide, as cybercriminals see an opportunity to profit from the panic surrounding Covid-19.

A report released this week by cybersecurity company Digital Shadows found that scammers are increasingly posing as organisations related to Covid-19 such as the World Health Organisation (WHO), John Hopkins University and the Centers for Disease Control (CDC). The emails often entice users to click on links that download malware which can steal sensitive information such as credit card numbers.

The WHO itself issued a warning in February about such issues:

“Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.

The World Health Organization will:

never ask for your username or password to access safety information
never email attachments you didn’t ask for
never ask you to visit a link outside of www.who.int
never charge money to apply for a job, register for a conference, or reserve a hotel
never conduct lotteries or offer prizes, grants, certificates or funding through email.

The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund, which is linked to below. Any other appeal for funding or donations that appears to be from WHO is a scam.”

WHO logo

How to Avoid Phishing Attempts

They also issued some advice on how to prevent phishing attempts from WHO, although the advice is also great for beating phishing attempts from any supposed source:

1 Verify the sender by checking their email address

Make sure the sender has an email address such as ‘person@who.int’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.

For example, WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’.

2 Check the link before you click

Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.

3 Be careful when providing personal information

Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.

4 Do not rush or feel under pressure

Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.

5 If you gave sensitive information, don’t panic

If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.

6 If you see a scam, report it

If you see a scam, tell us about it.

Learn More About Digital Security

If you want to learn more about cybersecurity, online threats such as phishing, and how you can better protect yourself, our guide to Protecting Your PC is a perfect place to start!

Russ Ware

Russ has been testing, reviewing and writing guides for tech since the heady days of Windows 95 and the Sega Saturn. A self-confessed (and proud) geek about all things tech, if it has LED's, a screen, beeps or has source code, Russ will want to master it (and very likely take it apart to see how it works...)

Related Articles

Back to top button
Close