Security News > 2020 > May > Phishing attack spoofs World Health Organization to steal email credentials
One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19.
Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.
Displaying the WHO's familiar logo, the email states that the World Health Organization has sent you a message, inviting you to click a link for Open Message.
"This attack is targeted at people in general, and they appear to be trying to trick recipients into entering their real email credentials and phone number," Ken Liao, vice president of cybersecurity strategy for Abnormal Security, told TechRepublic.
"The attack doesn't specify which email credentials, so we're only making educated guesses at this point, but suspect that attackers have seen enough users enter that information to launch this attack as a campaign."
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Gang gobbles 15K credentials from cloud and email providers' garbage Git configs (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)