As we fight against Coronavirus, there’s a bigger problem that in the way – “Phishing scams related to Coronavirus”.
The World Health Organization (WHO), has recently released URGENT warnings about phishing attacks based on the epidemic, Coronavirus. WHO suggested that scammers have prepared emails impersonating the organization’s identity to fetch public information and potentially deliver malware.
Here’s What Happened?
Cybercrime experts have been phishing for people’s personal information via camouflaged emails depicting to be the WHO officials. The incident has been revolving around the ongoing epidemic of Coronavirus and is being used as a tool to infect public systems with malware. If you receive such email, here’s what to expect:
The phishing messages ask the targets to share sensitive info like usernames and passwords.
It also redirected users to a phishing landing page via malicious links embedded in the emails.
In some cases, it requested victims to open malicious attachments.
Cwyware.com reported, “WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” the agency said in the Coronavirus scam alert.
How does phishing work in this case?
In the email, users are generally asked to go through the attached document regarding safety or preventive measures for Coronavirus.
Users are then directed to download the attachment on their system simply by clicking on a “Safety Measures” button.
Once clicked, it redirects them to a compromised site (a phishing page) controlled by the attackers.
The page loads the WHO website in a frame in the background with a pop-up asking the users to verify their email.
Clicking on the “Verify” button discloses their credentials to the attackers. At the same time, the user will see that they are being redirected to the WHO’s official website.
Our Recommendations:
If you receive unsecured emails and doubt the authenticity of the email, DO NOT panic, click and surrender ANY information. Contact the trusted authorities to verify any information related to the email. Lastly, the WHO provided helpful links for contacting or reporting a scam to WHO to help anyone in need.
