The National Cyber Security Centre Finland’s weekly review – 31/2023

Topics covered in this week’s review

• Spoofed messages being used to phish for online bank credentials
• Stay alert: secure email scam messages still prevalent
• Have you tried the new cyber exercise planning tool yet?
• Financial assistance for SMEs still available

Spoofed messages being used to phish for online bank credentials

There are currently phishing campaigns active online that involve criminals phishing for online bank credentials using spoofed messages made to look like they were sent by the Suomi.fi service and Osuuspankki. The email messages seemingly sent by the Suomi.fi service urge the recipient to read the message immediately, citing a ‘technical error’ and ‘security reasons.’ Some of the messages have also included the Finnish lion symbol in an attempt to add to their credibility. This is a good example of how scammers will stop at nothing to get the victim to believe that they are dealing with public authorities. 

The link included in the messages takes the victim to a spoofed login page, and any bank credentials entered on the page end up in the hands of criminals, who will then proceed to use them to access the victim’s online bank service.

If you get scammed, immediately contact your bank. In some cases, it may be possible to prevent the money transfer to the criminals. In addition to this, you should also file a police report.

Stay alert: secure email scam messages still prevalent

Over the past year, the NCSC-FI has been warning organisations about secure email phishing attacks. The phenomenon shows no signs of abating, and cases of email account compromise resulting from these types of phishing attacks continued to be reported this week as well.

We examined the topic in detail in an Information Security Now! article back in April. The article also includes instructions on how to defend against phishing attacks and what to do if your email account is compromised.

Have you tried the new cyber exercise planning tool yet?

Cyber exercises are a part of organisations’ preparedness and can help test the effectiveness of prepared contingency plans. However, planning cyber exercises is often seen as a time-consuming and complicated process. In recognition of this, the NCSC-FI has released a new cyber exercise planning tool that can help you create a solid foundation for your organisation’s cyber exercises.

To start planning an exercise, simply select one of the four objectives presented. After completing the planning path, you will be provided with a full exercise plan, which you can print out and use as a checklist.

Read more (in Finnish): Uusi työkalu helpottaa kyberharjoituksen suunnittelua (‘New tool makes planning cyber exercises easier’) (External link)

Financial assistance for SMEs still available

The National Coordination Centre of the NCSC-FI offers financial assistance to Finnish SMEs for the deployment of modern cyber security solutions and innovations. The financial assistance is primarily aimed at strengthening SMEs’ own capabilities and Finland’s national capacity and infrastructure to defend against cyber attacks.

The application round for the financial assistance ends on 16 August 2023 at 16:15. The total amount of financial assistance being allocated is EUR 500,000. The maximum amount of financial assistance that can be granted to a single project is EUR 60,000.