World Health Organization Warns of Coronavirus Phishing Attacks (Feb 17, 2020)
The World Health Organization (WHO) is warning of Coronavirus-themed phishing attacks pretending to be sent from WHO officials. The email contains malicious attachments and request sensitive information such as usernames and passwords. The email advises the user to click on a link, supposedly containing a document about Coronavirus. Once the user clicks on the link, the WHO website with a pop-up requesting the users’ credentials appears, and if input, sent to a server controlled by actors.
Recommendation: All employees should be educated on the risks of phishing, specifically, how to identify such attempts and whom to contact if a phishing attack is identified. Emails that request that the recipient follow a link or open an attachment can often be indicative of a phishing attack. Additionally, the user of password managers can assist in not only protecting user passwords, but said tools can also automatically fill out the username and password field if the domain is correct; thus fields that are not automatically populated can potentially identify a fraudulent website.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.