The National Cyber Security Centre Finland’s weekly review – 47/2022
Information security now!
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 18–24 November 2022). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.
Topics covered in this week’s review
- Attempts to change bank accounts
- Recordings of the Tietoturva 2022 information security seminar published
Attempts to change bank accounts
In recent weeks, the NCSC-FI has received reports of scams that involve attempts to change bank accounts used for invoicing or the payment of wages. In some cases, the fraudulent messages have been sent from recently compromised email addresses, allowing criminals to carry out these scams in a very believable way.
Globally, the phenomenon is more widely known as business email compromise (BEC) or email account compromise (EAC) (External link). Warnings about the phenomenon have been issued by numerous authorities, including the FBI in the United States (External link) and the Australian Cyber Security Centre (External link). In most cases reported from around the world, the motive behind BEC/EAC has been criminal, with the compromised email accounts being used to carry out invoice fraud or so-called CEO fraud. The criminals’ aim can be to change bank accounts used for invoicing, create fraudulent invoices or pressure employees into providing financial benefits to the criminals by creating a sense of urgency or impersonating a supervisor, for example. Another common approach that criminals employ is to create slight variations on an organisation’s legitimate domains, email addresses or other identification mechanisms in order to fool employees.
Recordings of the Tietoturva 2022 information security seminar published
The Tietoturva 2022 information security seminar was held at Tennispalatsi in Helsinki on 25 October 2022. The presentations at the seminar were recorded and have been compiled into videos that are now available for viewing (External link).
The seminar included discussion on the ongoing change of our security environment and the impacts thereof on the cyber security and preparedness of different sectors of society. The presentations that have been authorised for publication have been compiled on NCSC-FI’s seminar page and subtitled. Be sure to join the discussion on the latest cyber security topics in next year’s seminar as well!