Why coronavirus scammers can send fake emails from the WHO

Apr 02, 2020

Description

Organizations could prevent domain spoofing, but many don't.

Join the Open Sourced Reporting Network: http://www.vox.com/opensourcednetwork

Read more here: https://www.vox.com/recode/2020/4/2/21202852/coronavirus-scam-email-who-spoofing-domain-dmarc

During the coronavirus pandemic, scammers have sent several emails using the domain of the World Health Organization. Some are addressed from Tedros Adhanom Ghebreyesus, the director-general of the WHO, and carry attachments that can install malware on the victim’s device. Others announce a coronavirus cure that you can read all about in an attachment. They each appear to be sent from the WHO's who.int email address.

If it seems like it shouldn’t be this easy to impersonate a leading global health institution, you’re right. There is a way for organizations and companies to prevent spoofing of their domain using a free authentication system called DMARC, but the WHO, like many other companies and organizations, hasn’t done it.
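To make concrete what "hasn't done it" means, here is an added example (not from the video or from Vox) that classifies the TXT records a defender would find at `_dmarc.<domain>`. The domain names, sample records and verdict labels are constructed for illustration; the tag rules follow RFC 7489.

```python
# Added example: verdict labels and SAMPLES are constructed, not real DNS data.

def parse_dmarc(txt):
    """Return the tags of a DMARC TXT value as a dict, or None if it is not DMARC."""
    pairs = []
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            pairs.append((name.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1 (the version string is case-sensitive).
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    tags = {}
    for name, value in pairs:
        tags.setdefault(name, value)  # keep the first occurrence of a repeated tag
    return tags

def assess(txt_records):
    """Classify the TXT records found at _dmarc.<domain> as (verdict, reason)."""
    found = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not found:
        return ("unprotected", "no DMARC record published")
    if len(found) > 1:
        return ("unprotected", "more than one DMARC record, so receivers apply none")
    tags = found[0]
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        # p=none only requests reports; spoofed mail is still delivered.
        return ("not-enforced", "policy is '%s', so failing mail is not blocked" % (policy or "missing"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # an unparseable optional tag falls back to its default
    if not 0 <= pct <= 100:
        pct = 100
    if pct < 100:
        return ("partial", "p=%s applies to only %d%% of failing mail" % (policy, pct))
    return ("enforced", "p=%s applies to all failing mail" % policy)

SAMPLES = {  # constructed records under reserved .example names
    "no-record.example": ["v=spf1 -all"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:reports@monitor.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced.example": ["v=DMARC1; p=reject; sp=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, *assess(records), sep=" | ")
```

Only the `enforced` verdict means receivers are asked to block every message that fails authentication; a published record with `p=none` still leaves the domain spoofable.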

Sources:
DHS Binding Directive: https://cyber.dhs.gov/bod/18-01/
DMARC status of industries: https://www.valimail.com/resources/domain-spoofing-declines-as-protective-measures-grow/
What is DMARC: https://www.valimail.com/dmarc-monitor/what-is-dmarc/
"Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems" http://people.cs.vt.edu/gangwang/survey.pdf
"End-to-End Measurements of Email Spoofing Attacks" https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-hu.pdf
"Coronavirus-related Lures Comprise More Than 80 Percent of the Threat Landscape" https://www.proofpoint.com/us/threat-insight/post/threat-snapshot-coronavirus-related-lures-comprise-more-80-percent-threat
"Covid-19 Drug Advice From the WHO Spoofed to Distribute Agent Tesla Info-Stealer" https://exchange.xforce.ibmcloud.com/collection/Covid-19-Drug-Advice-From-The-WHO-Disguised-As-HawkEye-Info-Stealer-2f9a23ad901ad94a8668731932ab5826

Open Sourced is a year-long reporting project from Recode by Vox that goes deep into the closed ecosystems of data, privacy, algorithms, and artificial intelligence. Learn more at http://www.vox.com/opensourced

This project is made possible by the Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Watch all episodes of Open Sourced right here on YouTube: http://bit.ly/2tIHftD

Vox.com is a news website that helps you cut through the noise and understand what's really driving the events in the headlines. Check out http://www.vox.com.
