A billion years ago, in the shallow waters where early life evolved, our ancestors led lives of constant emergency. In a barren world, each single-celled amoeba was an inconceivably rich concentration of resources, and to live was to be beset by parasites. One of these, the giant Mimivirus, masqueraded as food; within four hours of being eaten, it could turn an amoeba into a virus factory. And yet, as the nineteenth-century mathematician Augustus de Morgan said, “Great fleas have little fleas upon their backs to bite ’em, and little fleas have lesser fleas, and so ad infinitum.” The Mimivirus had its own parasites, which sometimes followed it as it entered an amoeba. Once inside, they crippled the Mimivirus factory. This trick was so useful that, eventually, amoebas integrated the parasites’ genes into their own genomes, creating one of the earliest weapons in the immune system.
COVID-19, hackers are presented opportunity on multiple fronts. They play on people’s concerns about the virus by presenting phishing schemes or malware disguised in fake Centers for Disease Control and Prevention (CDC) alerts that talk about the latest vaccine or treatment developments. Hackers quickly used the pandemic and related anxiety to lure people into phishing schemes and malware attacks. There is also pressure on healthcare companies and researchers to safeguard their vaccine and treatment data. As of mid-July, there have been multiple reports of Russian and Chinese state-sponsored hackers attempting to steal coronavirus vaccine data from various labs.
How Hackers Hack COVID -19 Patient ?
Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments.
These actions can reveal your user name and password, which can be used to steal money or sensitive information.
If you are contacted by a person or organization that appears to be WHO, verify their authenticity before responding.
The World Health Organization will:
- never ask for your username or password to access safety information
- never email attachments you didn’t ask for
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email.
Be on alert when you receive an email with any link or attachments containing any reference to WHO. It might be a cyberattack.
The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund, which is linked to below. Any other appeal for funding or donations that appears to be from WHO is a scam.
There have been some cases reported of people fraudulently presenting themselves as WHO or the COVID-19 Solidarity Response Fund, and/or sending invoices requesting payment on behalf of the Fund. WHO, the UN Foundation, or the Swiss Philanthropy Foundation will never contact you for your credit card or banking details.
Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams. You can verify if communication is legit by contacting WHO directly.
Phishing: malicious emails and messages appearing to be from WHO
WHO is aware of suspicious email messages attempting to take advantage of the COVID-19 emergency. This fraudulent action is called phishing.These “Phishing” emails appear to be from WHO, and will ask you to:
- give sensitive information, such as usernames or passwords
- click a malicious link
- open a malicious attachment.
Using this method, criminals can install malware or steal sensitive information.
How to prevent phishing:
- Check their email address
Make sure the sender has an email address such as ‘email@example.com’
If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO. For example, WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’
Beware, however, that even an email address with the correct domain name may not be from WHO. Criminals can forge the “From” address on email messages to make them appear to be from ‘@who.int’. Please follow the steps from 2 to 6 below to prevent phishing.
WHO has implemented a new email security control called Domain-based Message Authentication, Reporting, and Conformance (DMARC) to significantly diminish this type of impersonation.
- Check the link before you click
Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
- Be careful when providing personal information
Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
- Do not rush or feel under pressure
Cybercriminals use emergencies such as the coronavirus disease (COVID-19) pandemic to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic
If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.