Since the spread of Ebola outside of Africa this year, the disease has been dominating the headlines. Unsurprisingly, scammers have tried to capitalize on the topic by sending out phony emails purportedly from the World Health Organization. The article reports that if you open the attachment, it will install a Trojan called DarkComet on your computer. DarkComet contains, among other features, keylogging and webcam hijacking functions.
I am not an expert on the topic of public health, so take the following with a grain of salt, but to me, the text of the e-mail doesn’t look as legitimate as the article says. The message says the following to its potential victims:
Dear (name of recipient),
The information and prevention listed in the attached file will help you and those around you stay safe.
There is an outbreak of Ebola and other diseases around that you know nothing about.
Download the World Health Organization file for more information on how to stay safe from Ebola and other preventable diseases
World Health Organization.
(Logo of World Health Organization)
First of all, the e-mails talks about prevention rather than prevention techniques. The actual World Health Organization’s site lists more than one way of preventing the spread of Ebola. This sentence sounds awkward, if not strictly speaking grammatically incorrect.
Second, the messages warns about “Ebola and other diseases around that you know nothing about.” Trying to warn against more than one disease without even naming the other diseases or explaining their relationship to Ebola, if any, would seem to dilute the effectiveness of the message. Assuming that the recipient knows nothing about the disease also sounds like an attempt to spread fear instead of an attempt to educate. If a single “prevention” can stop all these diseases that you know nothing about, it would have to be some prevention.
Third, there is no period after “and other preventable diseases.” Although it is possible for a prestigious organization to make such a simple mistake, it may raise a red flag.
Finally, if it seems odd that the WHO would send unsolicited e-mails telling people who may not even have given their email to the organization to open an attachment that supposedly contains helpful information, that’s probably because the e-mail isn’t from the WHO. I did a quick Google search and couldn’t even find an e-mail subscription function for the WHO. Feel free to correct me in the comments if I missed one.
In an earlier post, I cautioned against e-mails designed to exploit human emotions. Although the scam described by the Huffington Post isn’t strictly speaking a phishing scam, it nevertheless uses the same technique of using human emotion to induce you into taking a certain action; in this case, opening an attachment. This isn’t the first time scammers will try to take advantage of a disaster, and it most certainly won’t be the last.