Criminals are disguising themselves as WHO to steal money or sensitive information.
If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.
The World Health Organization will:
- never ask for your username or password to access safety information
- never email attachments you didn’t ask for
- never ask you to visit a link outside of www.who.int
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email.
The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund, which is linked to below. Any other appeal for funding or donations that appears to be from WHO is a scam.
COVID-19 Solidarity Response Fund
- Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams.
- You can verify if communication is legit by contacting WHO directly.
Report a scam
Phishing: malicious emails appearing to be from WHO
- WHO is aware of suspicious email messages attempting to take advantage of the COVID-19 emergency.
- This fraudulent action is called phishing.
These “Phishing” emails appear to be from WHO, and will ask you to:
- give sensitive information, such as usernames or passwords
- click a malicious link
- open a malicious attachment.
- Using this method, criminals can install malware or steal sensitive information.
How to prevent phishing:
- Verify the sender by checking their email address.
- Make sure the sender has an email address such as ‘firstname.lastname@example.org’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.
- For example, WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’.
- Check the link before you click.
- Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
Be careful when providing personal information.
- Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
- Do not rush or feel under pressure.
- Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic.
- If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
- If you see a scam, report it to Police.
- to https://www.who.int/about/report_scam/en/