40 comments

[ 2.7 ms ] story [ 109 ms ] thread
I was happy to see WHO has coronavirus.com.

Edit: Ha, not even owned by them.

I don't think they own it. Whoever does own it currently has it set to redirect, but it may not always do so.
not WHO owned, registered 2002, wow that's some foresight

now they are getting search rank by getting people to link to it and later they can redirect it or put whatever content they want on it

Not really. COVID-19 is not the first major coronavirus. SARS and MERS come to mind.

https://www.niaid.nih.gov/diseases-conditions/coronaviruses

Outside of those two (now 3), I thought also there were a bunch of relatively harmless coronaviruses that people just consider comparable to common cold.

Wikipedia says:

Coronaviruses were discovered in the 1960s.[8] The earliest ones discovered were infectious bronchitis virus in chickens and two viruses from the nasal cavities of human patients with the common cold that were subsequently named human coronavirus 229E and human coronavirus OC43.[9]

https://en.wikipedia.org/wiki/Coronavirus#Discovery

And later:

Coronaviruses are believed to cause a significant proportion of all common colds in adults and children.

The coronaviruses HCoV-229E, -NL63, -OC43, and -HKU1 continually circulate in the human population and cause respiratory infections in adults and children world-wide.

Don't worry, we won't be fooled again.
I was worried about my children when they called, but the Who told me the kids are alright.
> Make sure the link starts with 'https://www.who.int'

This should include a trailing slash, otherwise something like 'https://www.who.int.example.com' qualifies as “starts with 'https://www.who.int '”.

Edit: strangely, if I try to edit my comment above to remove the space between .int and ', HN serves me a 502 Bad Gateway.

(comment deleted)
(comment deleted)
(comment deleted)
--I'm writing this comment because I want to see if I can reproduce that bug.--

Well, I give up. Whether or not I get the error appears to not only depend on the text I'm trying to change to, but also the text I'm changing from. It does look like HN is trying to parse the URL, and is unhappy with a URL that ends with the three characters <'".>. But the weird hysteresis... I can't guess.

(How on earth am I supposed to quote a string like <'".>?)

> (How on earth am I supposed to quote a string like <'".>?)

Well, obviously... "'\"."

:)

After reading this story: https://www.wired.com/story/hackers-mom-broke-into-prison-wa... , one should also be wary of people claiming to be from the local health authorities.

Imagine that, people in hazmat suits barge in, claim someone called them from your office building, they're there to secure the building, etc, etc...

https://en.wikipedia.org/wiki/Social_engineering_(security)

If you ever need to be somewhere important put on a reflective vest and a hard hat and walk around with a clipboard saying excuse me excuse me and more often than not you can get right on thru.

This, and dumpster diving (what we called "trashing" back then) is how I learned how mainframes worked when I was young and not afraid of being caught.
I used to work in penetration testing. It’s funny (scary?) how far dressing business casual, carrying an open laptop, and claiming to be IT gets you.
I've done quite a few wireless surveys as a consultant in businesses, colleges, etc. I pretty much was never questioned when walking around, knocking on doors and going into offices with my laptop opened and saying that I was "scanning the wifi signal level for IT". I sometimes was given a set of keys and if they didn't work on a door I'd ask someone in the department there if they'd let me in.
I think at this point it's pretty obvious that WHO is being run by criminals, but thanks for the heads up anyway.
paranoid much? this is a super-easy, helpful thing to be aware of and you're just here to disparage? why did you even bother commenting? go for a walk or something because this is not a healthy way to act
At present, going for a walk isn't an especially healthy way to act either.
Condescending and personal attacks are not OK even if you are afraid.
Isn't point #1 and (partly) #2 incredibly dangerous? Sender field is easy to spoof, and while advice to go directly to their website is sound, it doesn't explain what "checking the link" actually entails, and many might not know a link in an email can say one thing and take you somewhere different.

So people reading this might be _more_ susceptible to future, more sofisticated, attempts of the same type, rather than less.

Receiving an email from @who.int isn't a guarantee that the email is legit, but it is a minimal requirement and they aren't claiming otherwise.
chuckle at the ironic title, better prep yourself if your country's CDC still listen to WHO for advice
I'm sure it works but it is an interesting angle for a scam.

I can't imagine a reason the WHO would contact me directly, ever.

Now my wife, she gets constant calls from the "FBI" demanding information. I mean that's hard to belive too (they're very mean and threatening but somehow have never found us...) but at least the FBI seems like a government organization that I would belive would have some sort of ... jurisdiction.

But I suppose when I have a lot of government related conversations with people and have to have the "that's not how it works ... at all" type discussions, I guess a lot of people just don't know.

My current favorite is Jerome Powell telling me I have a metric tonne of money to claim.

That said, WHO is an interesting choice. Would anyone really act based on their demands? edit. CDC seems better.

Depend on where the scam is performed. CDC is better than WHO in the US, but not in the rest of the world.
I kinda wonder what the overlap between people who know who Jerome Powell is and the people who would fall for this
It's probably the surprise factor they're going for. Some people will just be so startled that the WHO are calling them, they forget to ask questions like "does this make sense?".
Scammers are preselecting for people who would believe obvious lies. It doesn't make sense to even bother with "overly cautious", aware people like yourself.
Good point, they can probably accurately guage the chance of success in a few seconds with something absurd like that.