×
Loading in progress

Why coronavirus scammers can send fake emails from the WHO

1 member

Organizations could prevent domain spoofing, but many don't.

Join the Open Sourced Reporting Network: http://www.vox.com/opensourcednetwork

Read more here: https://www.vox.com/recode/2020/4/2/21202852/coronavirus-scam-email-who-spoofing-domain-dmarc

During the coronavirus pandemic, scammers have sent several emails using the domain of the World Health Organization. Some are addressed from Tedros Adhanom Ghebreyesus, the director-general of the WHO, and carry attachments that can install malware on the victim’s device. Others announce a coronavirus cure that you can read all about in an attachment. They each appear to be sent from the WHO's who.int email address.

If it seems like it shouldn’t be this easy to impersonate a leading global health institution, you’re right. There is a way for organizations and companies to prevent spoofing of their domain using a free authentication system called DMARC, but the WHO, like many other companies and organizations, hasn’t done it.



Sources:
DHS Binding Directive: https://cyber.dhs.gov/bod/18-01/
DMARC status of industries: https://www.valimail.com/resources/domain-spoofing-declines-as-protective-measures-grow/
What is DMARC: https://www.valimail.com/dmarc-monitor/what-is-dmarc/
"Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems" http://people.cs.vt.edu/gangwang/survey.pdf
"End-to-End Measurements of Email Spoofing Attacks" https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-hu.pdf
"Coronavirus-related Lures Comprise More Than 80 Percent of the Threat Landscape" https://www.proofpoint.com/us/threat-insight/post/threat-snapshot-coronavirus-related-lures-comprise-more-80-percent-threat
"Covid-19 Drug Advice From the WHO Spoofed to Distribute Agent Tesla Info-Stealer" https://exchange.xforce.ibmcloud.com/collection/Covid-19-Drug-Advice-From-The-WHO-Disguised-As-HawkEye-Info-Stealer-2f9a23ad901ad94a8668731932ab5826


Open Sourced is a year-long reporting project from Recode by Vox that goes deep into the closed ecosystems of data, privacy, algorithms, and artificial intelligence. Learn more at http://www.vox.com/opensourced

Join the Open Sourced Reporting Network: http://www.vox.com/opensourcednetwork

This project is made possible by the Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Watch all episodes of Open Sourced right here on YouTube: http://bit.ly/2tIHftD

Vox.com is a news website that helps you cut through the noise and understand what's really driving the events in the headlines. Check out http://www.vox.com.

Subscribe to our channel! http://goo.gl/0bsAjO
Watch our full video catalog: http://goo.gl/IZONyE
Follow Vox on Facebook: http://goo.gl/U2g06o
Or Twitter: http://goo.gl/XFrZ5H

Next episode
S01E1139 - The 8-bit arcade font, deconstructed
See the episode

Episodes (1595)

Season 1

Similar shows (10)

Explained
Explained
Les évadés du bureau
Les évadés du bureau
Vsauce
Vsauce
Psych2Go
Psych2Go
100 amis
100 amis
Darren fait une dépression, la websérie londonienne
Darren fait une dépression, la websérie…
Sans gêne
Sans gêne
Ça rime à rien
Ça rime à rien
Deux Italiens à Paris
Deux Italiens à Paris
Sexe opposé
Sexe opposé