Phishers impersonate WHO, exploit coronavirus-related anxiety

Media outlets are reporting daily on the coronavirus outbreak in Wuhan and the emergency repatriation of foreign citizens who found themselves in the thick of it.

As cases of the virus infection keep popping up across the world – demonstrating just how small (i.e., well-connected) our planet is – so do fake news and videos about the situation on social media, as well as malware, phishing schemes and other scams in people’s inboxes.

The latest examples of the latter are fake emails purportedly coming from the World Health Organisation (WHO), which is, ironically, engaged in fighting an “infodemic” of fake coronavirus-themed news online.

Emails impersonating the WHO

The email, spotted by the Sophos Security Team, uses a trick lately favored by phishers and scammers: “Click here to download safety measures to prevent the spread of the coronavirus.”


The link takes the potential victim to a compromised web page containing a frame that renders the legitimate WHO page, which currently and prominently sports a link to information about this novel coronavirus.

Unfortunately, it also shows a simple pop-up asking the potential victim to “verify” their email by entering their email address and password. Those who fall for the trick are redirected to WHO’s legitimate page, while their email login credentials end up in the phishers’ hands.

Spotting fake emails

As Sophos’ Paul Ducklin pointed out, most English-speaking recipients will likely notice the spelling and grammatical mistakes in the email.

They might also wonder why the WHO is sending them an email and why it’s asking them to verify their email, or notice that the landing page has no HTTPS and no obvious connection to the health organization. Recipients who notice these things are unlikely to fall for this type of trick.

Unfortunately, there are always some recipients who are too distracted or panicked, or who simply haven’t yet learned to be careful when it comes to unsolicited emails, and those might end up handing over their credentials.
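The warning signs described above (a landing page without HTTPS, a frame showing another organization's site, and a password prompt on the framing page) can also be checked mechanically, for example by a mail gateway or an analyst triaging reported links. The following is an added example, not code from Sophos or from the original article; the function names, the two-label domain comparison and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _Scan(HTMLParser):
    """Collect frame sources and count password inputs in one HTML document."""
    def __init__(self):
        super().__init__()
        self.frames, self.password_inputs = [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "frame") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1

def _site(host):
    # Crude registrable-domain guess (last two labels): an assumption that
    # works for who.int but not for suffixes such as co.uk.
    return ".".join((host or "").split(".")[-2:])

def framed_login_indicators(page_url, html):
    """List the warning signs found on one landing page."""
    scan = _Scan()
    scan.feed(html)
    page = urlparse(page_url)
    hosts = {urlparse(urljoin(page_url, src)).hostname for src in scan.frames}
    foreign = sorted(h for h in hosts if h and _site(h) != _site(page.hostname))
    findings = []
    if page.scheme != "https":
        findings.append("landing page served without HTTPS")
    if foreign:
        findings.append("frames content from another site: " + ", ".join(foreign))
    if foreign and scan.password_inputs:
        findings.append("password field on a page that frames another site")
    return findings

# Constructed sample: placeholder host framing the real WHO site.
SAMPLE_URL = "http://compromised.example/who/index.html"
SAMPLE_HTML = """<html><body>
<iframe src="https://www.who.int/" width="100%" height="100%"></iframe>
<div class="popup"><form method="post" action="#">
<input type="email" name="email"><input type="password" name="pass">
<button>Verify</button></form></div></body></html>"""

if __name__ == "__main__":
    for finding in framed_login_indicators(SAMPLE_URL, SAMPLE_HTML):
        print("-", finding)
```

A page that frames only its own content, served over HTTPS, produces no findings, so the check does not flag ordinary login pages.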
