
The National Cyber Security Centre Finland’s weekly review – 35/2023

Information security now!

This week we remind our readers about the importance of responding quickly to information security incidents. For example, if you fall victim to a phishing attack, you may still be able to avoid suffering serious damage by taking quick action. We also talk about romance scams and warn about tax return scams.

TLP:CLEAR

Topics covered in this week’s review

  • Responding quickly to information security incidents helps minimise their damage
  • Romance scams are professional crimes
  • Beware of tax return scammers
  • Autumn series of themed months kicks off with An Introduction to Information Security in September

Responding quickly to information security incidents helps minimise their damage

Reporting data breaches and other information security incidents quickly facilitates a rapid response, which in turn makes it possible to minimise the potential damage of the incident. For example, if you fall victim to a phishing attack, you should never try to hide it, but instead quickly contact the party responsible for your organisation’s information security or IT.

Reporting information security incidents provides numerous benefits

1. The ability to respond to threats improves

Reporting incidents quickly improves an organisation’s capacity to respond to any future threats. Even seemingly minor things such as suspicious messages should ideally be reported so that everyone in the organisation can be warned. Timely reports also allow organisations to quickly implement preventive and corrective measures.

2. The damage is minimised and recovery can begin

Reporting incidents quickly helps minimise losses and damage. For example, in the event of a data breach, the attacker’s further access to the organisation’s systems can be prevented by locking the compromised user account. A rapid response facilitates the securing of potentially compromised data and incident recovery.

3. The culprit can be caught

Reporting incidents to the authorities helps the police and information security authorities to investigate them and potentially track down and catch the culprits. Reporting incidents can also help prevent future attacks. Even if an individual incident is not solved, the information gained from reports can help investigate larger criminal cases. 

4. Obligations are defined in legislation

Many countries have laws regarding the reporting of information security incidents. In Finland, data breaches must be reported to the Office of the Data Protection Ombudsman within 72 hours of the data controller becoming aware of the breach. If something bad happens, it is imperative that employees respond quickly so that the organisation can report the incident to the relevant parties. Quick reporting helps these parties take the necessary action in response to an information security incident. It is also important to keep in mind the ethical and moral obligation to report incidents, especially in the case of personal data breaches.

5. Unpleasant incidents affect your reputation

Reporting incidents quickly can help organisations avoid damaging their reputation. The fact is that most information security incidents end up being publicly disclosed sooner or later, whether the affected organisation wants it or not. Communicating about incidents openly helps protect the organisation’s reputation among customers and stakeholders.

6. Every incident is an opportunity to learn

Learning from information security incidents is essential for avoiding future incidents. When information security incidents are reported quickly, the organisation can analyse their causes and develop their practices to avoid similar incidents in the future.

We at the NCSC-FI always welcome reports of information security incidents. Our situational awareness of information security is based on the reports submitted to us. We can also help investigate incidents and provide instructions on how to respond to them.

Romance scams are professional crimes

Romance scams are a shameless form of crime that anyone can fall victim to. A romance scam typically starts with the victim being approached on a social media platform. The scammers will pose as a made-up person who seems appealing to the victim in every way. After establishing contact, the criminals will often devote a great deal of time to establishing a trusting relationship between the victim and the fake persona by engaging in discussion about shared interests or lavishing the victim with praise, for example. Eventually, the criminals will ask the victim for money, claiming that they need it for flight tickets so that they can come see the victim in person, for example. During 2022, people in Finland lost a total of EUR 9 million to romance scams and document fraud.

Although it may appear to the victim that they are always talking to the same person, the persona made up for the scam is often played by several different people. The people behind the fake personas have often been coerced into participating in the scam, such as victims of human trafficking or people in a vulnerable position tricked into “customer service jobs.” The people carrying out individual scams are controlled by professional and organised criminal gangs that carry out large-scale scam campaigns. The victims of romance scams may also be exploited for money laundering: as part of establishing a trusting relationship, the scammers may send the victim considerable sums of money to send on to someone else.

You should always tell someone close to you about any new online acquaintances so that you can think about the situation together. Criminals try to make their fake personas as irresistible as possible, and infatuated victims can easily end up ignoring warning signs.

The tell-tale signs of a romance scam

  • A new online acquaintance is very interested in you and asks for your contact information.
  • The messages are often poorly written or vague.
  • The person’s profile is inconsistent with the things they tell you about themself.
  • The person may ask you for intimate pictures or videos.
  • After gaining your trust, the scammer will ask for money, gifts or bank information.

How to identify a scammer

  • The person is very interested in learning things about you, but will not provide detailed information about themself.
  • The discussion quickly turns romantic.
  • The person wants to quickly move the discussion to some other service.
  • The person does not want to meet you face-to-face or lives far away.
  • The discussion is inconsistent or illogical.
  • The person asks you for money or to transfer some money that they send you to another account. The reason given for the request is often some kind of emergency, such as a trip or illness, and the request is often urgent.

Romance scams shamelessly prey on people’s normal feelings and needs, such as loneliness and the longing for intimacy. Because of this, falling for systematically and skillfully executed romance scams is very human. By exploiting the victim’s trust, romance scammers can end up defrauding large sums of money, in some cases even the victim’s entire life savings. If you end up falling for a scam, you should tell someone about it as soon as possible, even just someone close to you. Difficult experiences like these should not be processed alone.

The Love Scam Support project organised by Sosped Foundation and Maria Akatemia develops low-threshold support for the victims of romance scams and their loved ones. The services provided under the project include free-of-charge individual support, which allows you to reflect on and process what has happened confidentially with a professional. The Love Scam Support project’s helpline can be called by anyone who has encountered a romance scam or suspects that they are being targeted by one. The helpline is open Thursdays 16:00–18:00. For more information, please visit the project website.

If you fall victim to a scam, you should also report it to the police. You can file a police report either online or at your local police station. If you need help filing a police report, you can contact Victim Support Finland.

All information security incidents should also be reported to us at the NCSC-FI.

Beware of tax return scammers

Year after year, criminals use the payment of tax returns as an excuse to carry out scams aimed at phishing for identification data from taxpayers. These are just some examples of the approaches scammers take:

  • “Saat hyvityksen, kirjaudu tästä” (“You are getting a refund, click here”)
  • “Jos haluat tämän summan, mene sivulle” (“If you want this sum, go to the website”)
  • “Olet oikeutettu veronpalautukseen, klikkaa tästä” (“You are eligible for a tax return, click here”)
  • “Sinulla on maksamattomia veroja” (“You have unpaid taxes”)

A tax-themed phishing message claiming that the recipient has unpaid taxes.

The NCSC-FI has received several reports of phishing messages themed around tax returns. The messages will claim that the recipient is eligible for a refund and that to claim it, they need to visit a website, which is actually a phishing site. These types of phishing messages have been sent to both organisations and private individuals.

Tax return scams are not a new phenomenon. The NCSC-FI last warned about tax return scams a year ago in the article “Tax refunds are here and criminals try to get their hands on the money.”

Autumn series of themed months kicks off with An Introduction to Information Security in September

For the rest of the year, the NCSC-FI will be focusing on a specific theme each month. To kick things off, the theme for September is “An Introduction to Information Security.” During the month, we will be providing valuable information about the most common information security threats and how you can protect yourself online. We will share more information about the themed month next week, so stay tuned! To participate in the themed month, simply follow our website and social media accounts.

Vulnerabilities

CVE: CVE-2023-34039, CVE-2023-20890
CVSS: 9.8
What: Critical vulnerabilities in VMware Aria Operations for Networks software
Product: VMware Aria Operations for Networks 6.10 and older versions
Fix: Software update.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 25–31 August 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.