Why coronavirus scammers can send fake emails from the WHO

  • 🎬 Video
  • ℹ️ Description
Why coronavirus scammers can send fake emails from the WHO 5
UCLXo7UDZvByw2ixzpQCufnA

Organizations could prevent domain spoofing, but many don't.




If it seems like it shouldn’t be this easy to impersonate a leading global health institution, you’re right. There is a way for organizations and companies to prevent spoofing of their domain using a free authentication system called DMARC, but the WHO, like many other companies and organizations, hasn’t done it.



Sources:




This project is made possible by the Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.




💬 Comments on the video
Author

UPDATE: As of May 12, 2020 WHO.int has set a DMARC policy of “reject, ” to prevent spoofing of their domain.

Author — Vox

Author

Imagine experiencing a global pandemic and thinking “How can I scam the elderly and people who don’t know better”

Author — OmicronGaming

Author

Yeah, I haven't trusted email in a long time. If it looks legit I'll go to their actual website without following any links in the email.

Author — Jack Evans

Author

As an internet nerd who’s across this stuff: you did an amazing job of explaining this simply! One thing I might emphasise is that while Domain owners(such as the WHO) have to publish DMARC records, your email company also has to actually do the checking process on incoming emails. Most big providers like Gmail do this, but smaller ones may not. You kind of mentioned this in your bar analogy as “every bar is going to make a slightly different decision”, but thought I’d just add a bit more.

Author — Cameron Steel

Author

“So the White House is violating its own policy”
This is America. Why are you so surprised?

Author — Just someone Else

Author

Coronavirus: happens
Scammers: “it’s free real estate”

Author — Leo

Author

So I guess you could say...we’ll never know who is who?

Author — Toastwig

Author

Just watching the clip explaining vox email makes me extremely worried that the government is trying to get rid of encryption. I would love for you guys to talk about the encryption bill going around

Author — C L

Author

no real company is just going to email you and ask you to send them money, even if their email looks legit.
I don't trust any emails anymore.

Author — BOOTSTRAP

Author

The last time I was this early these scammers were Nigerian princes

Author — Ziovo

Author

If you want to check if an email has been authenticated with DMARC, click on "Show original" in Gmail, "View message source" in Outlook, or "View Raw message" in Yahoo, and search for "dmarc."

Author — Vox

Author

When Vox has more security measures than White House and WHO

Author — Lizard Gandalf

Author

"So the White House is violating its own policy"
My level of surprise will appear on my face right about

Author — Gearcortex

Author

WHO has already lost all credibility, They are scammers themselves.

Author — Waylen

Author

I really miss those emails about the dying african prince who wanted to give you all his money...good ol' days

Author — Mossy

Author

Well i just realised that my college server is not secure ... Free holiday 😂

Author — elnino rosario

Author

So I can flex on everybody with WHO domain? Nice!

Author — Qwarz Atarz

Author

"The white house is violating its own policy" not the first time.

Author — R Jose

Author

Last time i was that early those scammers only used to call

Author — BP Codes

Author

Ngl, the people who intentionally scam during this pandemic are truly evil

Author — FruDe Games