TORONTO -- As cases of the novel coronavirus spread around the world, scammers are attempting to profit off of concerns and paranoia by posing as health officials in online scams.

On Saturday, the World Health Organization (WHO) warned that cybercriminals are disguising themselves as WHO representatives in an effort to steal money and personal information from individuals and organizations.

These types of malicious emails, commonly referred to as phishing scams, may appear to come from the WHO and ask for sensitive information, such as usernames or passwords, or ask users to click on suspicious links or open malicious attachments.

In some cases, scammers are asking for direct donations to emergency response plans or funding appeals related to COVID-19, something the WHO says it does not do.

“If anyone is contacting by a person or organization claiming to be from the Organization, they should take steps to verify their authenticity,” the WHO said in a statement.

“WHO firmly states that it never does any of these things, and warns that scams can come in the form of emails, websites, phone calls, text messages, and even fax messages.”

According to its website, the WHO will never:

  • Ask you to log in to view safety information
  • Send email attachments you didn’t ask for
  • Ask you to visit a link outside of
  • Ask you to donate directly to emergency response plans or funding appeals

The WHO notes that these types of scams are likely to continue as the new virus spreads around the globe. As of Monday, more than 88,000 cases of COVID-19 had been confirmed worldwide, though the WHO stopped short of calling the outbreak a pandemic.

As of Tuesday morning, the Canadian Anti-Fraud Centre told that it has not received any reports of these phishing scams involving Canadians.

It added that while departments vary, federal and provincial agencies would likely only contact a citizen directly to inform them if they’d been on a flight or in an area with someone who tested positive for the virus.

“Always be wary of unsolicited and urgent request for personal information,” a spokesperson for the centre said in an email to “Do not provide personal information over the phone or through email if you don't know who you are dealing with. Ask questions and confirm everything before proceeding.”


One of the most common ways that phishing scams will try to fool you is by using official company logos or insignias. In some cases, the email or web address may appear to be that of the company or organization scammers are claiming to contact you from, but upon closer look it may be slightly altered or misspelled.

Often times these messages will try to trick you into providing account information, passwords, or even credit card information by using common phrases like “Verify your account,” or asking you to log in to view more information (as in the case of the WHO coronavirus scam).

Be sure to read any suspicious emails carefully and be on the lookout for poor spelling, punctuation and grammar -- a tell-tale sign of a scam.

Never click on a link included in a suspicious email. Scammers often use a legitimate web address in the hyperlinked text of the email, but once you click on the link it may take you to a malicious website.

You can test this by hovering your mouse over the link to see what URL is truly hyperlinked in the text.