As coronavirus challenges mount, WHO’s reputation is being hijacked for data theft scams
The World Health Organization (WHO) is working to assist in the containment of the new coronavirus strain but is also having to tackle digital threats made under its own name, with scammers and cyberattackers playing upon the organization’s reputation to spread their own form of infection.
Believed to have originated from Wuhan, China, the novel coronavirus strain — also known as 2019-nCoV — was first reported in December 2019. Contracting the respiratory illness causes mild, flu-like symptoms but may become more serious in cases where immune systems have been compromised, when elderly, or when there are pre-existing medical conditions.
The doctor who attempted to warn other medical professionals of a potential outbreak, Li Wenliang, recently died while treating patients in Wuhan. In December, Chinese law enforcement warned Li to “stop making false comments,” and now, his death has prompted a wave of anger on Chinese social media networks.
Cases have been reported in China, the US, UK, Japan, Germany, Singapore, and Australia, among other countries.
At the time of writing, 31,000 coronavirus cases have been reported, together with over 600 deaths, the majority of which are in China. Over 1,700 coronavirus sufferers have recovered.
The coronavirus has impacted travel, with journeys to China advised only in essential cases by the US and UK; attempts are being made to expatriate citizens from Wuhan, and there are concerns that the illness will impact businesses and the supply chain.
Events, too, have been affected, including GSMA’s Mobile World Congress Barcelona 2020. Major vendors at the show, LG and Ericsson, have withdrawn on the basis of their responsibility to keep employees and customers safe. MWC is still going ahead.
The WHO is an agent of the United Nations that monitors and provides input into international health issues. This includes acting as an advisory body to governments, issuing recommendations, and working on global response plans to outbreaks.
In recent weeks, the agency has found itself not only working with countries around the globe to tackle the spread of the novel coronavirus, but also communicating with individuals worried about contracting the illness — a fear which is being stoked online by misinformation.
As the situation emerged, fake news, hoaxes, and scams also began to spread. Treatment recommendations of bleach washes, eating garlic, and gargling with mouthwash, alleged connections between the virus and bat soup, rumors that 2019-nCoV was developed in a secretive Chinese lab as a bioweapon — the list goes on.
It is now up to WHO, alongside online platforms, to combat false information. A difficult prospect, especially when the agency’s name is also being used to spread panic.
Aleksandra Kuzmanovic, a social media officer at the WHO, is a member of the team that is fighting what the agency is calling an “infodemic.”
In an interview with the New York Times, Kuzmanovic said the WHO is working with vendors including Pinterest, Facebook, Twitter, and Google to try and contain the spread of misinformation. A meeting is due to take place next week which will bring together 20 tech giants, including Uber and Airbnb, to discuss ways for these companies to help the WHO.
Certain measures are already underway. Searching for coronavirus on Google, Facebook or Pinterest, for example, will display a prominent link to WHO resources. Facebook and Twitter have taken a hard line on publishers that choose to use concerns relating to the novel coronavirus to spread fake information, such as in the case of ZeroHedge, a website now banned from Twitter after doxxing a Chinese scientist accused of having a hand in ‘creating’ the virus.
The advice is the same for the novel coronavirus and the flu — maintain good hygiene and wash your hands. Misinformation that harnesses the general public’s worries concerning the illness is spreading, however, in order to promote fake ‘cures,’ health products — and scams.
The WHO has been embroiled in phishing campaigns, as documented by cybersecurity researchers from Sophos, in which the non-profit’s trustworthy name is being used as the lure to spread malware.
In one campaign, emails are being sent that contains the WHO logo and “safety measures” on the virus. The spelling mistakes could be a giveaway for some, but if others fall for the email, they are directed to click on a link to a web form used to harvest email credentials. If a victim hands over this data, they are then sent to the legitimate WHO domain to prevent arousing suspicion.
Mimecast researchers have spotted separate campaigns that also attempt to play on coronavirus fears, urging would-be victims to click a link to a .PDF file containing a “little measure that can save you.” IBM X-Force, too, has tracked malicious emails pretending to warn of coronavirus cases in order to spread the Emotet Trojan.
To stay up-to-date on the novel coronavirus, visit the official WHO website. Fraudsters love a crisis or stressful time of the season when they conduct phishing campaigns and so you should always take emails pretending to be from legitimate organizations, banks, and online services with a pinch of salt. If the email seems off, it most likely is.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0