These individuals are always taking advantage of the trending global issue and turn it into a scam. As usual, they will ask for login information, sending unknown e-mail attachments, directing people to a different website other than www.who.int, and also requesting for direct donations to emergency response plans or even funding appeals.
The WHO also stated that the organisation has never done these actions, and warns the people that scams come in the forms mentioned above: e-mails, phone calls, text messages, websites and even fax messages.
To know a little bit more about the activity of the scammers, they send out malicious e-mails which are called "phishing" e-mails. They will try to manipulate people into thinking that the e-mail came from the WHO, and ask for personal information like usernames and passwords, click on suspicious links and even open malicious attachments. Once users fall into the trap in giving their information, the criminals will able to install a software that enables them to gain access to, or damage, computers.
We spoke to James Forbes-May VP of Asia Pacific at Barracuda Networks, the email security specialists. James told us "It's really unfortunate that cybercriminals who use phishing techniques often prey on people's fears. Phishing is successful because it plays with people's emotions. When we are are happy or scared about something we are less likely to use critical reasoning. That's how and why Phishing e-mails continue to work as people react before they think. Even though this is a very high profile example the best practice is no different here, users need to be educated and made aware of the threat, the more we expect it the more chance they won't be fooled. Companies should also remember it's not just posing as WHO that has cybercriminals rubbing their hands with glee. Business is extremely vulnerable at this time with multiple distractions coming as a result of coronavirus such as increased numbers of employees working at home potentially being more susceptible. With average breach detection taking 279 days, it could be well after the dust settles on this current emergency before companies realise the damage has been done. In terms of these fake WHO approaches which are happening right now. An effective first step is for your IT department to e-mail users warning them to look out for this scam, and if they receive anything unexpected from the World Health Organization to check it and seek advice if they are unsure."