The Sophos Security Team received a report of a phishing scam that uses the novel coronavirus (2019-nCoV) and the World Health Organization (WHO) as bait.
According to Sophos, an email carrying the WHO logo has been circulating, asking people to go through an attached document that outlines safety measures and other pertinent information regarding 2019-nCoV. Like the usual phishing scams, it directs unsuspecting users who click the link to a clone of the WHO’s homepage, where a pop-up form asks them to enter personal data.
The bogus website “doesn’t just look like the WHO’s page in the background, it is the WHO’s page, rendered in a frame that’s embedded in the fake site,” Sophos’ blog post said.
The phishing page appears to be hosted on a compromised music site, which obviously has no connection to the health organization; that alone is a red flag. The page is also served over plain HTTP rather than HTTPS. Most websites now use HTTPS, although some still do not, so the missing padlock is a warning sign rather than proof of fraud on its own.
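The framing trick above works because a browser will embed any page whose server does not forbid it. The check a site owner (or an analyst assessing a lookalike site) wants is whether the response headers actually stop third-party framing. The script below is an added example, not code from Sophos or from the article; it evaluates `X-Frame-Options` and the CSP `frame-ancestors` directive the way modern browsers do (a `frame-ancestors` directive, when present, takes precedence and `X-Frame-Options` is ignored). The header sets and origins in it are constructed for illustration, not captured from any real site, and the CSP source matching is a simplified subset of the specification.

```python
"""Decide whether a page may be embedded in a frame by a given origin.

Added example; not code from Sophos or the article. All headers and
origins below are constructed for illustration (assumed, not observed).
Simplifications: only the first Content-Security-Policy header is read,
and CSP source matching covers 'none', 'self', '*', scheme-sources
(https:) and host-sources with an optional leading wildcard (*.example).
"""
from urllib.parse import urlsplit


def _parse_frame_ancestors(csp_header):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp_header.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def _source_matches(source, framing_origin, page_origin):
    """Match one CSP source expression against the origin trying to frame the page."""
    if source == "'none'":
        return False
    if source == "*":
        return True
    if source == "'self'":
        return framing_origin == page_origin
    o = urlsplit(framing_origin)
    if source.endswith(":") and "/" not in source:      # scheme-source, e.g. "https:"
        return o.scheme == source[:-1]
    s = urlsplit(source if "://" in source else "//" + source)
    if s.scheme and s.scheme != o.scheme:               # scheme given and different
        return False
    host, ohost = s.hostname or "", o.hostname or ""
    if host.startswith("*."):                            # wildcard covers subdomains only
        if not ohost.endswith(host[1:]):
            return False
    elif host != ohost:
        return False
    if s.port is not None and s.port != o.port:
        return False
    return True


def framing_allowed(headers, page_origin, framing_origin):
    """Return True if a browser would let framing_origin embed the page.

    headers: dict of response header name -> value (names are case-insensitive).
    Precedence: CSP frame-ancestors, if present, is authoritative; otherwise
    X-Frame-Options DENY / SAMEORIGIN applies (ALLOW-FROM is obsolete and is
    treated as no restriction, as current browsers ignore it); with neither
    header, any site, including a phishing page, may frame the content.
    """
    h = {k.lower(): v for k, v in headers.items()}
    sources = _parse_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        return any(_source_matches(s, framing_origin, page_origin) for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framing_origin == page_origin
    return True


if __name__ == "__main__":
    # Constructed scenario: a hypothetical health site framed by a hypothetical phishing host.
    page = "https://health.example"
    attacker = "http://compromised-music-site.example"
    for label, hdrs in [
        ("no anti-framing headers", {}),
        ("X-Frame-Options: SAMEORIGIN", {"X-Frame-Options": "SAMEORIGIN"}),
        ("CSP frame-ancestors 'self'", {"Content-Security-Policy": "frame-ancestors 'self'"}),
    ]:
        verdict = "CAN" if framing_allowed(hdrs, page, attacker) else "cannot"
        print(f"{label:32} -> {attacker} {verdict} frame {page}")
```

Run against a real site by capturing its response headers (for example with `curl -sI`) and passing them in; a result of `True` for an arbitrary foreign origin means the page can be wrapped in a phishing site exactly as described above, and the fix is to add `Content-Security-Policy: frame-ancestors 'self'` (with `X-Frame-Options: SAMEORIGIN` as a fallback for old browsers).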
At this time of global crisis, people welcome any new information that may help them understand the hundreds of deaths caused by 2019-nCoV.
Sophos provided a list of reminders for people to avoid falling for this phishing scam:
- Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you but are usually a huge barrier for the crooks, because knowing your password alone is not enough.
- Never let yourself feel pressured into clicking a link in an email. Most importantly, don’t act on advice you didn’t ask for and weren’t expecting. If you are genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look.
- Don’t be taken in by the sender’s name. This scam says it’s from “World Health Organization” but the sender can put any name they like in the From: field.
- Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent. It’s bad enough to get scammed at all without realizing afterward that you could have spotted the fraud upfront.
- Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
- Never enter data that a website shouldn’t be asking for. There is no reason for a health awareness webpage to ask for your email address, let alone your password. If in doubt, don’t give it out.
- If you realize you just revealed your password to imposters, change it as soon as you can. The crooks who run phishing sites typically try out stolen passwords immediately (often automatically), so the sooner you react, the more likely you are to beat them to it.
- Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.