The National Cyber Security Centre Finland’s weekly review – 17/2023
Information security now!
This week we talk about technical support scam calls and phishing messages impersonating the suomi.fi service.
Topics covered in this week’s review
- Technical support scam calls on the rise again
- Nefarious cluster of suomi.fi phishing messages
- Practice facilitating the reporting of vulnerabilities not yet widely adopted in Finland
- We are surveying the state of software security – respond to the questionnaire
Technical support scam calls on the rise again
Technical support scam calls, which have been occurring both in Finland and the rest of the world for a long time now, are once again plaguing Finnish organisations and private individuals. During the first quarter of 2023, the NCSC-FI received numerous reports of such calls coming from both foreign and spoofed Finnish numbers.
What is this about?
Technical support scam calls involve the caller claiming that they represent the technical support department of a reputable organisation. In most of the calls reported to the NCSC-FI, the caller claimed that they were calling from Microsoft’s or Amazon’s tech support and that the recipient’s computer had been infected with viruses. Eventually the caller would ask the victim to install a remote access application on their computer to help remove the viruses. In reality, the application could be malware in itself or the scammer was attempting to create a so-called backdoor on the victim’s device, allowing them to access the device without the victim’s knowledge in future.
Scam callers can also claim to represent other parties in an attempt to get the victim to disclose account information, bank credentials or other personal data. The scammer will often claim that the matter is urgent on the pretext of the victim’s computer having been infected with malware or there being a problem with their bank credentials.
How to identify a scam call
- The caller’s matter is urgent.
- The caller asks you to install an application or download an installation package on your device.
- The call comes from a foreign number.
- The call comes from a Finnish number, but the caller speaks English.
- The caller will not answer questions consistently or at all.
- The caller requests direct access to your online bank account or ask for personal data, for example.
How to protect yourself against scams
- You can opt not to answer calls from unknown numbers and check the numbers afterwards.
- Do not call back unknown numbers.
- If you are unsure about the caller’s identity or organisation, do not disclose any personal data to them.
- Do not install any applications or download any installation packages on your device if the caller asks you to do so.
- You can ask the caller questions. If they do not provide any answers or try to dodge your questions, you should hang up.
- If the caller claims to represent a familiar organisation, you can verify this by calling their service number.
- Remember that you can hang up at any time.
What to do if you become the victim of a scam
Nefarious cluster of suomi.fi phishing messages
On Friday 21 April, the NCSC-FI received dozens of reports of phishing messages impersonating the suomi.fi service. The sudden phishing campaign died down as quickly as it had started, with no new messages being reported after the weekend.
Arriving via email, the phishing messages all had the same subject: ‘Epäilyttävää toimintaa suomi.fi-ympäristössäsi’ (Finnish for ‘Suspicious activity in your suomi.fi environment’). The message itself claimed that the user’s “service” was involved in fraudulent activity. To help resolve the issue, the victim was asked to identify themself via an enclosed link. The link would take the victim to a phishing site made to look like the real suomi.fi identification page, with any bank credentials entered ending up in the hands of criminals.
These kinds of scam messages can sometimes be very convincing. If you are unsure about the sender of the message, be especially careful with any links included in the message. If the page that a link opens asks for your bank credentials, personal data or passwords, for example, you should ask another person for their opinion – is the message some kind of scam?
If you ended up entering your bank credentials on a suspicious site or lost money to scammers some other way, immediately contact your bank.
Practice facilitating the reporting of vulnerabilities not yet widely adopted in Finland
How and to whom do I report a vulnerability that I have discovered? How will I find out when someone else discovers a vulnerability in my organisation’s online service? How can my organisation agree on common rules with the discoverer of a vulnerability when we do not even know each other? Offering solutions to these challenges is a proposed new practice that involves organisations always publishing their contact details and policies regarding vulnerabilities in the same place.
This practice was studied in a thesis project carried out for the NCSC-FI. The resulting article also includes tips for publishing a security.txt file, which were prepared in light of the results of the study.
The study shows that the practice is still rarely used in Finland, with only 2.2 per mille of the .fi domain names registered to Finnish organisations examined in the study having published a security.txt file by February 2023.
Read more (in Finnish): Practice facilitating the reporting of vulnerabilities not yet widely adopted in Finland
We are surveying the state of software security – respond to the questionnaire
The NCSC-FI is currently surveying the state of software security in Finland. In addition to surveying the current situation, we are hoping to collect information on pain points and good practices that could help us support companies and other organisations.
The purpose of the questionnaire is to survey Finnish organisations’ views regarding software security from the perspective of both software development and procurements. The questionnaire is part of a larger project surveying the state of software security in Finland, which will serve as a basis for planning support measures for the sector.
Read more and respond to the questionnaire (in Finnish).
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 21–27 April 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.