Why coronavirus scammers can send fake emails from the WHO
Organizations could prevent domain spoofing, but many don't.
Join the Open Sourced Reporting Network: http://www.vox.com/opensourcednetwork
Read more here: https://www.vox.com/recode/2020/4/2/21202852/coronavirus-scam-email-who-spoofing-domain-dmarc
During the coronavirus pandemic, scammers have sent several emails using the domain of the World Health Organization. Some are addressed from Tedros Adhanom Ghebreyesus, the director-general of the WHO, and carry attachments that can install malware on the victim’s device. Others announce a coronavirus cure that you can read all about in an attachment. They each appear to be sent from the WHO's who.int email address.
If it seems like it shouldn’t be this easy to impersonate a leading global health institution, you’re right. There is a way for organizations and companies to prevent spoofing of their domain using a free authentication system called DMARC, but the WHO, like many other companies and organizations, hasn’t done it.
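How a defender can tell whether a domain's published DMARC record actually instructs receiving servers to block spoofed mail, as an added example that is not part of the original video description. The function names, status labels and sample records for placeholder domains are constructed for this illustration.

```python
# Added example: classify the DMARC TXT records published at _dmarc.<domain>.
# Tag syntax per RFC 7489; the status labels are this example's own wording.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (not sep or name != "v" or value != "DMARC1"):
            return None            # the version tag must come first
        if sep:
            tags.setdefault(name, value)
    return tags or None

def protection(txt_records):
    """Classify how much spoofing protection the published records give."""
    found = [t for t in map(parse_dmarc, txt_records) if t]
    if len(found) != 1:
        return "unprotected"       # no record, or several: no DMARC policy applies
    rec = found[0]
    policy = rec.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        # Missing or invalid p: receivers fall back to p=none only if rua is set
        return "monitoring" if "rua" in rec else "unprotected"
    if policy == "none":
        return "monitoring"        # failures are reported, spoofed mail still delivered
    try:
        pct = int(rec.get("pct", "100"))
    except ValueError:
        pct = 100                  # assumption: unparsable pct falls back to the default
    return "enforced" if pct >= 100 else "partial"

# Constructed sample records for placeholder domains (not real lookups).
SAMPLES = {
    "no-record.example": [],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:reports@monitor.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced.example": ["v=spf1 -all", "v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:20} {protection(records)}")
```

Only the "enforced" result means receivers are told to quarantine or reject every message that fails authentication; a domain with no record, or with a record that stops at p=none, can still be spoofed.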
Sources:
DHS Binding Directive: https://cyber.dhs.gov/bod/18-01/
DMARC status of industries: https://www.valimail.com/resources/domain-spoofing-declines-as-protective-measures-grow/
What is DMARC: https://www.valimail.com/dmarc-monitor/what-is-dmarc/
"Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems" http://people.cs.vt.edu/gangwang/survey.pdf
"End-to-End Measurements of Email Spoofing Attacks" https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-hu.pdf
"Coronavirus-related Lures Comprise More Than 80 Percent of the Threat Landscape" https://www.proofpoint.com/us/threat-insight/post/threat-snapshot-coronavirus-related-lures-comprise-more-80-percent-threat
"Covid-19 Drug Advice From the WHO Spoofed to Distribute Agent Tesla Info-Stealer" https://exchange.xforce.ibmcloud.com/collection/Covid-19-Drug-Advice-From-The-WHO-Disguised-As-HawkEye-Info-Stealer-2f9a23ad901ad94a8668731932ab5826
Open Sourced is a year-long reporting project from Recode by Vox that goes deep into the closed ecosystems of data, privacy, algorithms, and artificial intelligence. Learn more at http://www.vox.com/opensourced
This project is made possible by the Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.
Vox.com is a news website that helps you cut through the noise and understand what's really driving the events in the headlines. Check out http://www.vox.com.