The World Health Organisation (WHO) has warned the public to be aware of some criminals disguising themselves as the WHO, to steal money and sensitive information.
It said these criminals often use emails, websites, phone calls, text and fax messages for scams and urged people to clarify the legitimacy of such communications by contacting WHO directly.
It advised that any contact by a person or organisation that appears to be from the WHO must be verified for their authenticity before responding.
In a publication on its website, the WHO said it would never ask for username or password to access safety information and advised the public against emailing attachments they did not ask for.
It also said the WHO would never ask anyone to visit a link outside of http://www.who.int, or charge money to apply for a job, register for a conference, or reserve a hotel, and neither would it conduct lotteries or offer grants, prizes, certificate or funding through emails.
It said the only call for donations WHO has issued, was the COVID-19 Solidarity Response Fund, and that any other appeal for funding or donations that appeared to be from WHO was a scam.
The WHO is aware of suspicious email messages attempting to take advantage of the COVD-19 emergency, a fraudulent action known as “Phishing”, by which these criminals ask people to give out sensitive information such as usernames or passwords, or request users to click a malicious link or open an attachment.
In preventing phishing, individuals are advised to verify if the sender had an email address such as ‘firstname.lastname@example.org’ and if there was anything other than ‘who.int’ after the ‘@’ symbol, then the sender was not from WHO.
For example the WHO does not send email from addresses ending in ‘@who.com’, ‘@who.org’, or ‘@who-safety.org’.
The WHO further advised people to be careful when providing personal information, not to rush or feel under pressure as cyber criminals often would use emergencies such as the COVID-19, to get people to make decisions quickly.
It urged all who have given such sensitive information to criminals, to immediately change their credentials on each site where they had used them and quickly report it to the WHO.