Front Page: NCSC-FI

Information security now!

Over the past week, Finnish organisations and individuals have been targeted by a large number of calls from scammers claiming to represent Microsoft technical support. The callers claim to have detected an information security problem on the victim's computer, which they then ask the victim to open. The calls appear to come from a Finnish number, with the scammers speaking either English or Finnish. These calls are scams, and there is reason to believe that they are being made from spoofed phone numbers.

Remote access software allows the scammer to control your computer, so do not click "hyväksy" (accept).
The scammer wants to access your computer – do not click “hyväksy” (accept)!

Do you have computer trouble?

Any claims of an information security issue or a hacker accessing your computer are false. The scammer will tell the victim to run various commands, such as ASSOC, NETSTAT, Event Viewer and so on. The scammer will then interpret the results of these commands to their liking and claim that there is an issue with your computer or that a hacker has accessed it. These claims are nonsense, and the results of the commands do not indicate any of the things the scammer is saying.

The scammer will try to convince the victim to install free remote access software, such as AnyDesk, TeamViewer, SupRemo, Alpemix, Zoho Assist or similar. In addition to Windows, this software is also available for macOS and Linux, if the caller is able to convince the victim to install it. The scammer may also ask the victim to purchase Google Play or iTunes gift cards or virtual currency and will ask for their codes. You must not agree to any of these requests.

These error messages do not mean that there is a hacker on your computer.
The scammer will claim that these error messages mean that a hacker has gained access to your computer. That is not true.

What should I do if I have been scammed?

Answering the call is not dangerous. When talking to a scammer, make sure that you do not share your online banking details or images of your ID or let the scammer control your computer. If this has happened, and the scammer has gained access to your bank account, contact your bank first and tell them what has happened. Report the crime to the police after this. You should also notify us if you have been scammed.

You must remove any remote control software installed by the scammer. You should also change all of your e-mail, social media and online service passwords.
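
To find what needs removing on a Windows computer, the following added example (not part of the original NCSC-FI advisory) lists installed programs, running processes and services that match the remote access tools named above. Matching on display names, process names and file paths is an assumption; portable copies run straight from a download folder may appear only in the process list.

```powershell
# Added example, not NCSC-FI code. Product names are taken from the advisory;
# the name-based matching below is an assumption and only reports findings,
# it does not uninstall anything.
$pattern = 'AnyDesk|TeamViewer|SupRemo|Alpemix|Zoho\s*Assist'   # -match is case-insensitive

# 1. Programs registered for uninstall (64-bit, 32-bit and per-user installs).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate, UninstallString

# 2. Running processes, including portable executables that were never installed.
$running = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { "$($_.ProcessName) $($_.Path)" -match $pattern } |
    Select-Object Id, ProcessName, Path

# 3. Services that would restart the tool after a reboot (unattended access).
$services = Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName

Write-Output '--- Installed programs ---'
if ($installed) { $installed | Format-List } else { Write-Output 'none found' }

Write-Output '--- Running processes ---'
if ($running) { $running | Format-Table -AutoSize } else { Write-Output 'none found' }

Write-Output '--- Services ---'
if ($services) { $services | Format-List } else { Write-Output 'none found' }
```

Anything listed that the scammer asked you to install should be uninstalled through the Windows app settings; an empty result does not prove the computer is clean, since a renamed executable would not match.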

What should I do if my phone number is used for fraud?

These fraudulent calls come from Finnish telephone numbers, some of which are genuine numbers associated with a Finnish telecommunications operator and their customer. The owners of these numbers are not associated with the scammers; they are themselves victims of harassment.

It is very difficult to prevent someone from using your number for scams. If you block calls from the number, you also prevent yourself from using your phone. Technically, it is very challenging to distinguish scam calls from other calls. If your telephone number is misused, you may ask your operator for a new temporary number.

Which numbers do the scammers call from?

The telephone numbers displayed when the scammers call are all spoofed. The telephone calls actually originate abroad, even though the number looks Finnish. There are several techniques involved with call details, and technically, the caller number displayed to the device is not always the number associated with the subscriber actually making the call.

Hundreds of phone numbers that have been used to disguise these phone calls have been reported to the National Cyber Security Centre Finland. Most fraudulent calls come from numbers beginning with, for example, +35840..., +35845... or 09, as well as other domestic area codes. Corporate numbers and the same numbers without the foreign area code are also prominent.

Please let us know if you have received a helpdesk scam call from a number belonging to your organisation, a central government number beginning with 0295 or if the call was made abroad. Please also let us know if the scammer claims to be calling from some other helpdesk than that of Microsoft or a Finnish telecommunications operator, speaks Finnish instead of English or seems to know which organisation they are calling. We do not need any more reports on ordinary fraudulent calls, unless the call resulted in damage for you.

Which information are the scammers looking for?

Scam callers are trying to gather information quickly and gain monetary benefits. Be especially careful if you are pressured or asked to provide information quickly over the telephone.

Criminals want to access the information on your computer or phone via remote access. With the help of banking codes, the scammer is able to transfer money directly, make purchases using your credit card and commit identity theft with intercepted personal data. Remote access software installed onto your phone may also be used to view verification codes sent via text.

An online form bearing the Microsoft logo, used to phish credit card details from the victim. The form asks you to fill in your credit card details and "order" a service or product. In reality, the form is a scam, and you should not enter your credit card details into it.
The scammer will ask the victim to enter credit card data onto an online form created by them.