Be Aware of Scammers Pretending To Be W.H.O.: Online Security Guidelines Here · 6:59pm Mar 23rd, 2020
Blog Number 69: A Coronavirus Update Edition
It's important to remember: a virus is not your only enemy in an outbreak. Some people will take advantage of the uncertainty and panic (and even altruism) to scam you. Stay safe online by following the W.H.O.'s guidelines below!
Link to W.H.O. Situation Reports
Firstly, because this is how I found out about the problem, it's a good idea to get acquainted with the Coronavirus disease (COVID-2019) situation reports published daily on the W.H.O. website. They not only provide information on infection rates as the outbreak progresses per continent, but inform you of any new developments in other fields, such as official policy changes in response. Link below:
https://www.who.int/emergencies/diseases/novel-coronavirus-2019/situation-reports
I myself only became aware of this resource recently, as the full impact of the situation slowly dawned on me. Shamefully, I must confess I didn't think it all that serious until I finally did some research on the current strain of coronavirus, SARS-CoV-2, and the resultant disease, COVID-19.
Trust me, doing your homework is a good thing in any situation, but it's especially important in this situation.
W.H.O. Report on Cybercrime
Anyway, the crux of the matter: in its latest report (Situation report - 62), the World Health Organisation has urged the public to be careful of cybercriminals posing as the organization itself. Quoted below:
There has been a rise in criminals disguising themselves as WHO to steal money or sensitive information. WHO urges individuals to stay alert and to verify the authenticity of the request. Information on protecting yourselves against scams as well as reporting the scam to WHO can be found here.
The full Situation report - 62 can be found in the link here.
Don't worry. In the link below, you can also find safety guidelines on how to identify a genuine W.H.O. communication (emails, website links, and so on) from a fraudulent one.
Beware of criminals pretending to be WHO
https://www.who.int/about/communications/cyber-security
Please Spread This Message
For quick reference, I've copied the full article below, complete with the internal links (if you want to donate money, for instance, there's a link directly to the COVID-19 Solidarity Response Fund), but I strongly recommend going to the original source above, chiefly because it might be updated at a moment's notice, and anyway the best principle to follow is to go direct to a source, not to rely too much on second-hand reports, not even from well-meaning friends. I'm acting as a signpost, not as an official authority.
Lastly, please spread this message to as many people as possible. In particular, make it known there really is a legitimate way to donate money to the cause. Anyway, I don't have a lot of influence or a long reach from here, so I'm hoping this reaches someone who does. The sooner we make the scammers' tricks harder to pull off, the better.
Impossible Numbers, out.
Copy of the Original Article
Beware of criminals pretending to be WHO
Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.
The World Health Organization will:
- never ask for your username or password to access safety information
- never email attachments you didn’t ask for
- never ask you to visit a link outside of www.who.int
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email.
The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund, which is linked to below. Any other appeal for funding or donations that appears to be from WHO is a scam.
Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams.
You can verify if communication is legit by contacting WHO directly.
Phishing: malicious emails appearing to be from WHO
WHO is aware of suspicious email messages attempting to take advantage of the COVID-19 emergency. This fraudulent action is called phishing.
These “Phishing” emails appear to be from WHO, and will ask you to:
- give sensitive information, such as usernames or passwords
- click a malicious link
- open a malicious attachment.
Using this method, criminals can install malware or steal sensitive information.
How to prevent phishing:
Verify the sender by checking their email address.
Make sure the sender has an email address such as ‘person@who.int’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.
For example, WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’.
Check the link before you click.
Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
Be careful when providing personal information.
Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
Do not rush or feel under pressure.
Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
If you gave sensitive information, don’t panic.
If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
If you see a scam, report it.
If you see a scam, tell us about it.
EDIT: I've just been made aware the "Report a scam" links in the main article take you to the "About WHO" page. This was in the original article, but I think it might be confusing to some. If you want to report a scam, please use the "Contact us" link instead. I've included another one below.
I have a very simple strategy of things like this: If someone calls me who's NOT on my phone's Contact List, I ignore it, block the number and delete the call log for it.
Same thing goes for my email.
5226568
Yes, a lot of this is just heeding basic safety requirements, to be fair. "Be careful when providing personal information", for instance, will always be relevant, regardless of context. But in a critical situation, I think it's worth repeating safety advice once heard in calmer contexts, too, because times of panic and worry are especially when it needs to be at the forefront of people's minds.
There's also the possibility that someone actively wants to help the W.H.O., only they're misled or tricked into giving to the wrong people. And it's equally important to steer such well-meaning people in the right direction at the same time, hence the links here and in the other blog I posted.
5226589 Okay, cool.
And I'll read it all through again here shortly.
Trying to get caught up on some of my OTHER reading first, though.
I vaguely remember getting a phone call that ended up accidentally outing itself as a scam because Canada doesn't have the thing it was trying to use. (No, I don't remember the specifics)
Criminals are disguising themselves as WHO? I should be paying attention to WHO? I should contact WHO if I am being scammed?
Not only am I confused, I am appalled at your grammar, good sire.
It should be WHOM.
5226716
Only you, Trixie...only you!
Please don't ever change, and thanks for giving us a reason to smile!
Thank you, Numbers! I'll pass this along, too.
"...oh you are, are you? Well then, which of these would you consider the greatest threat: cybermen, daleks or the weeping angels?..."
5227624
I was waiting for someone to make that joke. 5226716 Oh, and that one too.