In Focus

Share

CAUTION: Phishing Incidents Reported

A number of phishing e-mails have been reported to the UNFCCC by CDM project participants.
The UNFCCC secretariat has also received sophisticated phishing e-mails.

Phishing is typically done through e-mail, ads, or by sites that look similar to sites one already uses. In our case, attackers sent out fraudulent emails that look like coming from the UNFCCC but aren’t – for example, from cdmregistration@unfccc-int.net: the user name could be legitimate but the domain is not the UNFCCC domain, which is unfccc.int. This is typically fraudulent, and shows that the attackers mimics the CDM processes to target our CDM Partners.

 The UN Climate Change secretariat has taken immediate action by: 

  • confirming that such emails are indeed fraudulent
  • reporting the impersonation and domain name abuse to the domain name registrar, to have this domain taken offline as soon as possible
  • reporting the incidents to Europol.

To recognize such phishing campaigns, it is important that one double-checks URLs and full email addresses, in particular where one is asked to share personal data. Phishing campaigns usually target information such as:

  • Usernames and passwords
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Birthdays
  • Etc.

In these instances, do not provide any personal data without confirming the website or email is legitimate. In the example above, project participants have noticed a fake domain, imitating the UNFCCC one. We hope that this domain will be taken offline immediately, but we call to all CDM participants and partners to remain vigilant as other fake domains may already exist or be created.

Please reach out to us, should you receive any fraudulent email. 

Resources:

How to recognize and protect yourself from phishing attack: