Abnormal Attack Stories: WHO Impersonation
What was the attack?
- Setup: The COVID-19 pandemic has been ongoing for months now, and people are consistently waiting for new updates and information on new developments.
- Email attack: This attacker is impersonating the World Health Organization by sending an email to the victim with a supposed message from them. This email contains a link to a webpage imitating the World Health Organization homepage with a login pop-up.
- Payload: The URL of the fake World Health Organization website is obfuscated by text asking victims to click to open a supposed message from the WHO. When victims go to the fake WHO website, they are asked to sign in with their email and password. If they do so, they are further prompted for their phone number before being redirected to the real WHO website.
- Result: Should victims fall for this attack, any information submitted on the fake WHO page will be sent to the attacker. Accounts and any information associated with submitted credentials will be jeopardized.
Posted on June 3, 2020