The World Health Organization (WHO) is stepping up to accelerate the containment of the new coronavirus strain. Unfortunately, it also has to tackle the spread of misinformation and online scams seemingly associated with the reputable UN agency.
Misinformation Begins to Spread
The Wuhan coronavirus, provisionally named 2019-nCoV, was first reported early in December 2019. The first known human infection occurred in the Chinese province of Wuhan. The virus subsequently spread to all provinces of China and to more than two dozen other countries.
On 30 January 2020, the novel coronavirus was declared a global health emergency by the WHO. Today, there are 40,158 confirmed cases of the infection. The total number of deaths attributed to the virus has risen to 906.
As the situation unfolded, misinformation, scams and other forms of digital threats began to ripple across the world wide web. Scammers and cyber criminals even used the WHO’s own name to spread panic and lure people into online scams. This prompted the WHO to ramp up their efforts to halt the spread of misinformation and raise awareness about digital threads.
A Pandemic Turning into an Infodemic
The WHO’s social media manager, Aleksandra Kuzmanovic, and her colleagues are currently in contact with tech giants such as Google, Facebook, Pinterest, Twitter, as well as the major Chinese-owned social media site WeChat to halt what she calls an “infodemic”. Following last week’s efforts, Google, Facebook and Pinterest users who search for information or images related to the coronavirus now see WHO resources and the WHO’s myth busters page first. News feeds featuring correct information were also translated into Chinese.
This week, the WHO’s manager of digital solutions, Andrew Pattison, is travelling to Facebook’s headquarters. In a meeting with a group of about 20 tech companies, including Uber and Airbnb, he wants to discuss ways for these companies to help the WHO fight the spread of misinformation. “I’d love to see Airbnb give advice to people traveling about coronavirus,” Pattison told the New York Times.
Not a bad idea, given the array of wildly untrue claims about the coronavirus. Some messages state that it can be prevented by eating garlic, gargling mouthwash or putting on sesame oil, for example. Others say that pets and even packages from China can spread the virus, or that only old people are affected.
Coronavirus Phishing Scams on The Rise
Sadly, a global health emergency like this gives cybercriminals a believable reason to contact people and lure victims into phishing scams. For example, in one scam users receive an email with a link to a mouth mask to protect themselves against the coronavirus. Next, they end up on a phishing website that asks them to enter their credit card details.
Moreover, the WHO warns users to be vigilant about fake emails carrying the logo of the World Health Organization [or The Centers of Disease Control and Prevention (CDC) of another reputable organization for that matter]. One example of a scam using their logo is an email with the subject “Safty Corona Virus Awareness WHO”, containing a click through button to important “Safety measures”.
People fluent in English might quickly notice the spelling mistake in the subject line. Another give-away is the referral to an HTTP site, instead of an HTTPS site. This is unusual these days. Thirdly, there is a pop-up on an image of the WHO’s homepage requesting users to “Verify” their e-mail, by typing in their e-mail address and password. Once a user clicks verify, the criminals simply redirect the user to the real WHO site, having gained access to their email account in the process.
Another method cybercriminals may use is to attach a malicious .pdf. .mp4 or .docx file to a seemingly credible email. In reality, these files contain trojans and worms capable of interfering with the victim’s computing equipment or network.
What to Do?
In general, the best thing users can do is pay attention to dubious emails. Don’t be fooled by the sender’s name, and look out for spelling and grammatical errors. Further it is best to avoid clinking on unsolicited, suspicious links, or opening unexpected files. Never enter data that a website should not be asking for.
Furthermore, it is also advisable to use secure passwords, turn on two-factor authentication and keep your software up-to-date. Be aware that reputable organizations do not ask for donations in the form of bitcoins or other forms of digital currencies.
To stay up to date on the coronavirus, only visit credible information sources directly (by typing in the address yourself), such as the website and official social media accounts of the WHO and the CDC.