During the COVID-19 pandemic, remote working has become a necessity to save lives. The main channel of communication with colleagues and external partners is now email. This can increase your exposure to phishing attacks, where criminals ‘fish’ for information through misleading emails.
How does phishing work?
The criminals pose as colleagues or external stakeholders and ask you to click on links in emails. Clicking a link infects your computer with a virus. The purpose of the virus is to give the criminals access to your computer’s usernames, passwords, business-sensitive information and your emails.
In one recent OIG investigation, a staff member at an implementer of Global Fund grants received such a phishing email. After clicking on the link, their computer was infected, allowing criminals to access their email account. Pretending to be Global Fund suppliers, the criminals instructed the staff member to make a payment for an upcoming purchase of tuberculosis diagnostic equipment to a foreign bank account – the money was transferred to the criminals, rather than the real supplier.
Red flags to look out for:
– Emails asking you to click on links or open attachments
– Web links leading to unfamiliar sites
– Being asked for personal information
– The sender doesn’t address you by name
What can you do to protect yourself?
Following a few simple steps can protect you from phishing attacks.
– Ensure your browser and antivirus software are up to date.
– Check the email address carefully; often there is a spelling mistake in the sender name.
– Hover over a link to check where it leads. Instead of clicking on a link, go to the organization’s webpage and log in there.
– Before entering information into an online form, make sure the site’s URL begins with “https” and that there’s a closed lock icon in the address bar. The lock shows that the connection is encrypted, not that the site is genuine, so check the site name as well.
What should you do?
If you think you have been the victim of a phishing attack impacting Global Fund grants, you should report it immediately. You can submit a confidential complaint to us online, by phone, by email or by letter.