This week we talk about phishing attacks that involve scammers impersonating banks and malware spread via email. We also provide a refresher on what to take into account when a child receives their first smart device.
The summer holiday season of schools and daycare centres is set to bring a number of new users into the online world once again as a result of many schoolchildren receiving their first smart devices. The thing to remember is that responsibility for the use of these devices and learning their safe operation always rests with the parent. As such, it is a good idea to explore the new operating environment together with your child, in the same way that you would practice their route to school and how to navigate traffic.
A child receiving their first smartphone also presents a good opportunity for an adult to refresh their memory on how to protect their own and their child’s data in the global environment that the pocket-sized device provides access to. The old adage of “anything you post online stays there forever” still rings true today. Children are quick to learn, so teaching them the right ways of doing things is considerably easier than it is for an adult to unlearn their old, ‘wrong’ ways of doing things. And seeing as how children are so quick to learn, adults also need to keep up with the ‘rules’ and topical matters of the online world.
In early 2023, we published a new translation of the Safe on the Internet guide (in Finnish) prepared by Brazilian information security authorities. Presented in the form of an activity book, the guide is ideal for children of primary school age, in particular. There is also a separate guide for adults that supports parents when their child is learning to navigate the internet safely. The guides make it easy to discuss the benefits and dangers of the new operating environment in a language that children will understand.
Over the past week, the NCSC-FI has received dozens of reports of various types of scam messages supposedly sent by a Finnish bank. The sender can be something like ‘OP Petospalvelu’, ‘OPFI Peruutuspalvelu’ or ‘Turvallisuus-OP’.The messages attempt to scare the user with various information security problems and prompt them to click a link. Clicking the link in the email takes the user to a fake sign-in page intended to phish for bank credentials.
Here are some examples of the subjects of the scam messages: ‘Tärkeää huomiota tilisi turvallisuuteen’ (‘Important notice concerning the security of your account’), ‘Tärkeä ilmoitus: huomioi tilisi turvallisuus’ (‘Important notice: consider the security of your account’) and ‘Tilisi turvallisuus on tärkeää: Huomioitava tiedote’ (‘The security of your account is important: Take notice’).
A customer of another bank also reported on a more complex scam, in which an initial text message was followed by a phone call. The text message warned the customer of a suspicious login attempt from Western Finland and said that the bank would be calling them soon. After this, the customer received a phone call from a Finnish number, during which a person presenting themself as an employee of the bank tried to pressure the customer into transferring money to a ‘security account.’ In reality, this ‘security account’ belongs to criminals. The scammers can be very convincing and believable.
The NCSC-FI works actively to take phishing sites offline. As such, it is a good idea to report any phishing messages that you might receive to the NCSC-FI. (External link) If you have entered your bank credentials on a fake website, contact your bank as soon as possible. If criminals have managed to take money from your account, file a police report.
Over the past week, we have received increasing numbers of reports of malware spread through email attachments. In the reported cases, the email itself was written in poor Finnish and the message included an attachment with the file extension .rar, which, when opened, turned out to actually be an .exe file. According to our observations, it is possible that in at least some of the cases the attachment was a malware downloader known as GuLoader, the purpose of which is to download actual malware from widely used cloud services.
An example of the email message is provided below:
”Hyvää päivää, liitän tiliin, tarvitsemme laskusi. Terveisiä FIRSTNAME LASTNAME "telephone number" firstname.lastname@sender.fi<mailto:firstname.lastname@sender.fi> TITLE ORGANISATION”Information security company Check Point recently reported on a similar malware campaign in its article Cloud-Based Malware Delivery: The Evolution of GuLoader (External link).
The development of the digital operating environment is rapid, and as a result the cyber security threat landscape is also constantly changing. While it is a good idea to prepare for cyber threats in advance, organisations often find it difficult to define an appropriate level of cyber security. What is ‘enough’?
The Kybermittari service is centred around a maturity model that enables companies to systematically assess the current state of their cyber security and identify areas for improvement. Kybermittari helps companies and organisations achieve and maintain a level of cyber security corresponding to the threat landscape.
The latest version of Kybermittari comes with new features that facilitate the use of the tool, the reporting of observations to support decision-making and the repeatability of the assessment. As has been the case thus far, Kybermittari continues to be developed based on feedback received from the field, the cyber security sector and stakeholders.
We will be organising various types of training sessions during the summer and autumn that provide more information on the use of Kybermittari. Sign up for the presentation and training events taking place this summer and autumn! (External link) (in Finnish)
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 26 May–1 June 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.
