WHO提示谨防利用新冠肺炎疫情/COVID-19/Coronavirus的诈骗邮件及钓鱼外贸开发信，你和你的客户都需要防范

红板砖最近注意到一些外贸人开始收到一些关于新冠肺炎疫情/COVID-19/Coronavirus的诈骗邮件及钓鱼外贸开发信，再次我们提醒大家一定要仔细。

另外，你可以考虑把下面的英文内容或来自WHO官网的链接发给你正在接触或交易的客户，也善意地提醒他们注意，避免造成损失。【开发信模板在页面底部】

目前浏览世卫组织（WHO）网站就可以发现在新冠疫情专题下WHO特地增添了“新冠病毒骗局警报”环节，提醒各界谨防冒充WHO的各种犯罪行为。

WHO警示不法分子会冒充WHO来盗取钱财或敏感信息，WHO指出“如有人或组织以WHO的名义与你联系，请先确认他们的身份。”

目前有不法分子利用新冠肺炎疫情/COVID-19/Coronavirus议题发送可疑电子邮件，即网络钓鱼行为，并要求收到信件的人提供敏感信息，例如用户名或密码，点击恶意链接或查看恶意附件，通过这些方式，不法分子就能安装恶意软件或盗取敏感信息。

判别的方式是确认发件人的邮箱地址是否是 “人名@who.int”。如果在“@”符号后的内容不是“who.int”，则表明该邮件不是WHO发的。

WHO提示防范网络钓鱼

WHO提出在接到前上述可以电子邮件后，必须要确认发件人的邮箱地址。譬如，WHO不会从以“@who.com”、“@who.org”或“@ who-safety.org”结尾的地址发送电子邮件。

同时也许确认需要点击的链接，需确认链接是否以“https://www.who.int”开头。最好在浏览器中输入“https://www.who.int”直接导航到WHO官网查看。

WHO提醒道，在提供个人信息时要提高警惕，“请想一下为什么有人想要你的个人信息，该做法是否合理。对任何要求提供用户名和密码来访问公共信息的做法都是不合理的。”

重要的一点在于，“不要着急或感到有压力”。网络诈骗犯利用诸如新冠冠状病毒之类的紧急事件来促使人们快速做出决定。“请在提供个人信息前花些时间考虑这些要求是否合理。”

WHO并着重指出以下六点，

1. WHO不会要求你登录查看安全信息，
2. WHO不会以电子邮件的形式向你发送未曾要求的链接。
3. WHO不会要求你访问官方网站（www.who.int）及官方社交媒体账号（例如本微博账号）以外的链接；
4. WHO不会以付费的形式进行职位申请、会议注册或酒店预定；
5. WHO不会以电子邮件的形式进行抽奖、奖品赠送、津贴补助、证书或资金的颁发。
6. 请警惕不法分子通过电子邮件、网站、电话、短信和传真进行的诈骗行为。

WHO提示如已经提供了敏感信息，也不要慌。

“如果你怀疑自己已经向网络诈骗犯提供了用户名或密码，请立刻在每个使用过该用户名或密码的网站上进行修改。”WHO并指出，“如遇到诈骗行为，请向我们举报。”

以上内容来自：第一财经

英文原文链接：https://www.who.int/about/communications/cyber-security

Beware of criminals pretending to be WHO

Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.

The World Health Organization will:

• never ask you to login to view safety information
• never email attachments you didn’t ask for
• never ask you to visit a link outside of www.who.int
• never charge money to apply for a job, register for a conference, or reserve a hotel
• never conduct lotteries or offer prizes, grants, certificates or funding through email
• never ask you to donate directly to emergency response plans or funding appeals.
• Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams.

You can verify if communication is legit by contacting WHO directly.

• Contact WHO
• Report a scam 

Phishing: malicious emails appearing to be from WHO

WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency. This fraudulent action is called phishing.

These “Phishing” emails appear to be from WHO, and will ask you to:

• give sensitive information, such as usernames or passwords
• click a malicious link
• open a malicious attachment.

Using this method, criminals can install malware or steal sensitive information.
How to prevent phishing:

1. Verify the sender by checking their email address.

Make sure the sender has an email address such as ‘person@who.int’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.

WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’ for example.

2. Check the link before you click.

Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.

3. Be careful when providing personal information.

Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.

4. Do not rush or feel under pressure.

Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.

5. If you gave sensitive information, don’t panic.

If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.

6. If you see a scam, report it.

If you see a scam, tell us about it.