Security News > 2020 > May > Phishing attack spoofs World Health Organization to steal email credentials
One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19.
Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.
Displaying the WHO's familiar logo, the email states that the World Health Organization has sent you a message, inviting you to click a link for Open Message.
"This attack is targeted at people in general, and they appear to be trying to trick recipients into entering their real email credentials and phone number," Ken Liao, vice president of cybersecurity strategy for Abnormal Security, told TechRepublic.
"The attack doesn't specify which email credentials, so we're only making educated guesses at this point, but suspect that attackers have seen enough users enter that information to launch this attack as a campaign."
News URL
Related news
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- CoGUI phishing platform sent 580 million emails to steal credentials (source)
- ClickFix attack delivers infostealers, RATs in fake Booking.com emails (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)