IT Security Updates - Cyber-criminals pretending to be WHO and fake online coronavirus map
Mon, 30 Mar 2020

Cyber-criminals are disguising themselves as the World Health Organisation (WHO) to steal money or sensitive information. These criminals are sending out fraudulent phishing email messages attempting to take advantage of the COVID-19 emergency.

These phishing emails will appear to be from WHO and may ask you to give sensitive information, click on malicious links or ask you to open a malicious attachment. Criminals can then install malware or steal sensitive information from you.

Top tips for checking whether an email is phishing:

Verify the sender by checking their email address

WHO does not send emails from addresses ending in '@who.com', '@who.org' or '@who-safety.org'. The WHO will send an email ending in 'who.int'.

Check the link before you click

Make sure the link starts with 'https://www.who.int'. The best way to avoid clicking on malicious links within emails is to manually enter the website address yourself in your internet browser.

Do not rush or feel under pressure

Cyber-criminals use emergencies to get people to make decisions quickly. Phishing emails often contain a forceful or faked urgency, demanding immediate action.

With more staff expected to work from home it is crucial that all staff are vigilant when clicking on links within an email or opening email attachments, especially if the email is from an unknown sender.


Fake online coronavirus map

A malicious website pretending to be the live map showing coronavirus COVID-19 global cases is circulating on the internet, waiting for unwitting internet users to visit the website. Visiting the website will infect the users device with malware, which is capable of stealing sensitive information.

It is likely that it is being spread via infected email attachments and malicious online adverts. Anyone searching the internet for a coronavirus map could also unwittingly navigate to the malicious website.


Fake online coronavirus map


You should look for a padlock and "https" within the web address. People are advised to be careful when clicking on links within emails. It is possible to hover over the link within the email, which should display the actual web address at the bottom of the page. If unsure, it is best to manually input the web address to get to the website.

Any cyber incident should be reported to the IT Service Desk immediately.

For further information, please see the ICT Security Intranet page


Share your views

Whether you like this new page or there's something not quite right - please let us know!