WHO scam and other Corona related rip-offs on the net

Four WHO-related methods of cybercrime are current:

1. advance fee fraud
   Recipients with a greater interest in WHO are written to, promising all sorts of things. This type of scam has recently been thematically adapted to Corona, but in principle remained the same trick as before the pandemic. Thus, grants, scholarships, certificates, lottery winnings or profits in connection with an advance payment are promised in the name of the WHO and/or payment of registration fees and hotel reservations for a WHO meeting are demanded.
2. dangerous file attachment
   The target group for scams with a WHO theme has become much broader since Corona. In mid-March, a request circulated via email to read a file attachment with official WHO information on how to protect oneself from the virus. When this attachment is opened, malware is then installed on the recipient's computer or smartphone.
3. appeal to conscience by fraudsters
   Another modus operandi is to play on the mercy of helpful people. In messages, crooks try to get victims to help finance the distribution of an alleged vaccine for children in China. The fact that there is still no vaccine is apparently unclear to many. Fake appeals for donations by scientists, often with a WHO background, go in a similar direction, in order to be able to push ahead with research. Such "donation" appeals increasingly contain instructions to make the payment via Bitcoin.
4. desire for self-protection abused as motive
   Emails are often written in such a way that recipients become curious and log into deceptively real-looking websites in order to obtain supposedly exclusive information and expert knowledge from official UN agencies, disease prevention agencies or the WHO. When trying to log in to the fake website, passwords are stolen and there is a risk of identity theft. This way of obtaining data is called phishing.

If you are unsure whether the WHO message is genuine, you can contact them or report the abuse.

The WHO 

• never asks you for your username or password to access security information
• never send unsolicited e-mail attachments
• never prompts to visit a link outside www.who.int
• never asks for money to apply for a WHO job, register for a conference or book a hotel
• never runs lotteries or offers prizes, scholarships, certificates or funding via email
• only uses emails with the exclusive ending who.info after the @ and never others, such as who.org or who.com
• operates only one official fundraiser

Other Covid-19 Scams:

Corona-related scams often include the online giant Amazon. Either an attempt is made to imitate the Amazon page and in this case a bottle of hand disinfectant is offered free of charge (again phishing), or a pseudo remedy with the untrue addition "approved by WHO" is sold on the real Amazon page. According to its own information, Amazon has deleted over a million overpriced offers or those with untrue efficacy claims regarding SARS-Cov2. For example, there is currently no effective SARS-Cov2 self-test for home use.

Some COVID-19 related scams also specifically target mobile phones. Malicious apps are circulating that supposedly track the spread of COVID-19 in real time. Thus, one would be alerted when the threat grows nearby. This Android app, based on the spy software SPYMAX, can access the microphone and camera itself and scan messages for contacts.

Criminal text messages circulating claim to provide interested parties with free Red Cross masks or a financial aid package for victims through a government bank deposit. Do not respond to such nonsense and do not follow any links contained therein. 

In principle, tried and tested scamming methods are adapted to Corona in terms of content. Particularly brazen is the variant that criminals have adapted from the "Sextortion'" blackmail method to COVID-19:

"I know every dirty little secret about your life. To prove my point, tell me, does it ring a bell when I say [...] to you? It was one of your passwords. I know where you live, who you talk to and how you spend your days [...] You have to pay 3,000 euros. You will make the payment by Bitcoin [...] If I don't receive the payment, every member of your family will be infected with the corona virus."

As the crisis continues, more scam waves are expected. In the USA, for example, there is currently a series of email scams selling non-existent Corona health insurance. It is usually only a matter of time before criminals translate the scam and use it in other countries.