Security News > 2020 > May > Phishing attack spoofs World Health Organization to steal email credentials
One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19.
Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.
Displaying the WHO's familiar logo, the email states that the World Health Organization has sent you a message, inviting you to click a link for Open Message.
"This attack is targeted at people in general, and they appear to be trying to trick recipients into entering their real email credentials and phone number," Ken Liao, vice president of cybersecurity strategy for Abnormal Security, told TechRepublic.
"The attack doesn't specify which email credentials, so we're only making educated guesses at this point, but suspect that attackers have seen enough users enter that information to launch this attack as a campaign."
News URL
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- European companies hit with effective DocuSign-themed phishing emails (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)