Fraud Alert: Criminals posing as WHO to steal personal information
Recently, there has been an increase in scammers pretending to be associated with the World Health Organization (WHO). These criminals are not trying to help provide you with helpful information—they are taking advantage of the COVID-19 emergency by sending out fake messages in an attempt to steal money or personal information. Messages may come in the form of a phone call, text message, email, or fax.
We want our members to be aware of this recent issue and know what to do in case they are contacted. If you receive direct communication that appears to come from WHO, take a few steps to confirm the sender’s identity before responding:
- Check the sender address – The World Health Organization has said, “If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.” Fake emails currently circulating may come from ‘@who.com’, ‘@who.org’ or ‘@who-safety.org’. Do not respond to messages from these senders.
- Check the message content – WHO has stated that they never email unsolicited attachments, links outside of www.who.int, require a login for safety information, conduct lotteries, or ask for donations. Attachments and links may be included by criminals in an attempt to install malware on your device or to encourage you to provide sensitive information.
- Pay attention to requests for personal information – Not all requests for information are appropriate, so be sure to analyze the context. Scammers like these use emergencies to pressure people into making decisions. Take a minute to think about what you are looking at before acting. If you have already provided passwords or usernames to a cybercriminal, change your information on any websites that use them.
Still have questions? Contact WHO directly to verify the truth of a communication or report a scam. You can also find out more about the cybersecurity situation by visiting their website here.