
Coronavirus, beware of scams and the… computer virus!

The coronavirus alert extends to IT as well. Cybercriminals are trying to take advantage of the emergence of the new coronavirus with an email that aims to obtain users' data without their knowledge.


The subject of the email is "Coronavirus: Important information about precautions". It contains a Word attachment (doc) and a generic text inviting you to read the document. In fact, it offers no useful information on precautions against the covid-19 virus. It is only a phishing attempt, i.e. an attempted computer scam based on social engineering.

The message is carefully written, not produced by automatic translation, as often happens in these cases. It is signed by a certain Dr. Penelope Marchetti (World Health Organization). This care makes the deception not immediately identifiable. Luckily, a quick Google search is enough to confirm that there is no healthcare professional with that name at the WHO.

For its part, the UN agency has published useful information on its website on how to defend yourself and to try to stem the problem. These are common-sense recommendations plus a minimum of "technique". Emails of dubious origin, or simply "suspicious" ones, should be carefully examined before taking any action that takes the user out of the context of the specific message received.
 
First, you need to check the sender's address. Secondly, you have to ask yourself whether the domain in question really exists or is just a domain that "sounds right". The date and time of sending may also be a sign of probable counterfeiting. Most of the software that allows you to send "fake mail" is not able to deceive the internal clocks of the servers unless it reports improbable times such as 00:00 or 24:00 exactly. In the case of WHO, the specific domain is "@who.int". If the sender's email does not include this domain, the message is not from WHO.

Sometimes the links shown look like the right ones, or like those anyone would expect to find, but they are fake: they are "facade" addresses. If you click on the proposed URLs without watching what happens in your browser's address bar, you could be redirected to other sites that have nothing to do with those used as a screen. If you suspect a fraudulent redirect, just note down the address and retype it by hand in the browser. This is the safest, risk-free procedure.
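The two checks described above (the sender's domain and "facade" links), as an added Python example that is not part of the original article. The sample message, its sender address and its link targets are constructed for illustration, and `check_message` and `LinkCollector` are hypothetical names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "who.int"  # the domain the article gives for genuine WHO mail

# Constructed sample message for illustration, not a captured e-mail.
SAMPLE = """\
From: "Dr. Penelope Marchetti (WHO)" <p.marchetti@who-int.example>
Subject: Coronavirus: Important information about precautions
Content-Type: text/html; charset="utf-8"

<a href="http://198.51.100.7/precautions">https://www.who.int/precautions</a>
<a href="https://www.who.int/emergencies">WHO emergencies page</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Store (real target, text the reader sees) for each link.
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw, expected=EXPECTED_DOMAIN):
    """Return a list of findings for the two checks described in the article."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Check 1: compare the whole domain after "@", so look-alikes do not pass.
    if sender_domain != expected:
        findings.append(f"sender domain '{sender_domain}' is not '{expected}'")
    # Check 2: a link whose visible text is a URL must open that same host.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = urlparse(text).hostname if "://" in text else None
        target = urlparse(href).hostname
        if shown and shown != target:
            findings.append(f"link shows '{shown}' but opens '{target}'")
    return findings
```

A matching sender domain does not by itself prove a message is genuine, because the From header can be forged; the check only rules messages out.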

A procedure that requires entering confidential information or otherwise sensitive personal data via email is suspicious, to say the least. Cybercriminals use emergencies to trick people into acting on impulse and without thinking. Panic could lead people to underestimate certain aspects which, with a cool head, would make anyone desist from following such an unorthodox path to check on health status and public information.

In any case, even if you have fallen into the trap, it is advisable not to panic but to change, as soon as possible, all credentials linked to the data provided.

Going into technical details, the infection is malware hidden in an encrypted JavaScript archive (JSE), of the "ostap" family, i.e. those viruses that act as file downloaders. After collecting data from the victim's computer, the virus ends its work by sending the files to servers that have no domain name and are difficult to trace. Most likely, the combined action of phishing and malware simply feeds the most classic of databases with names, surnames, IP addresses and other information of unsuspecting surfers. This harvested data, apparently harmless, has value on the dark web, the part not indexed by classic search engines, and is then exploited for targeted scams and other illegal activities.
