Coronavirus (Covid-19) has occupied the centre stage of global media attention. This has resulted in the creation of countless URL links, audios, audio-visuals, infographics and pictographs. These forms of communication are being circulated across various media platforms, especially social media, aiming to give updates on recorded cases, available remedies, and general information on the pandemic.
Meanwhile, criminals are capitalising on the Covid-19 information buzz to steal personal and sensitive information, and monies from unsuspecting individuals. Scammers send URL links purported to originate from trusted institutions such as the World Health Organisation (WHO) and the US Center for Disease Control (CDC).
Unfortunately, these links lead to malicious websites and apps which request for visitors’ email or personal details in order to receive real time information or donate funds to fight the pandemic. Complying with the request then leads to the stealing of information; downloading of harmful malware or the hacking of various digital devices used to access the links.
In some countries other than Ghana, some of these links may even promise visitors tax refunds, vaccines or cure against the disease at cut-throat prices. This may be done when one is asked to verify their identity or click on affiliated links.
In order to combat the activities of criminals in these times and prevent fear mongering, the World Health Organisation (WHO) calls on the public to know that its emails and communications materials will:
- Never ask for your username or password to access safety information
- Never add email attachments one did not ask for
- Never ask one to visit a link outside of www.who.int
- Never charge money to apply for a job, register for a conference, or reserve a hotel
- Never conduct lotteries or offer prizes, grants, certificates or funding through email.
When it comes to donations towards Covid-19, the WHO website provides COVID-19 Solidarity Response Fund as the only official link through which donations could be made.
Finally, the WHO also outlines the following to prevent phishing:
- Verify the sender by checking their email address:
Make sure the sender has an email address such as ‘[email protected]’ Anything other than ‘who.int’ after the ‘@’ symbol is an indication that the sender is not from WHO.
- Check the link before you click:
Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
- Be careful when providing personal information:
Always consider why someone wants your information and if it is appropriate. There is no reason why someone would need your username & password to access public information.
- Do not rush or feel under pressure:
Cybercriminals use emergencies such as Covid-19 to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic:
If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them. If you see a scam, report it.