Information security now!
This week, we turn our attention to the approaching holiday season. Scammers don’t take holidays. On the contrary, they increasingly target acting financial officers with CEO fraud schemes while the regular staff are away. We also highlight growing cooperation in the field of cybersecurity and introduce new legislation aimed at improving the security of wireless devices.
Summer brings a surge in CEO fraud – stay alert
Holiday seasons are a prime time for fraudsters, and the NCSC-FI receives a surge in reports of CEO fraud during the summer months. In these scams, criminals impersonate members of an organisation's management, issuing urgent financial requests such as invoice payments or the purchase of gift cards. The messages may arrive via email, WhatsApp or phone, and are crafted to pressure the recipient into bypassing standard verification procedures due to the supposed urgency of the matter.
Fraudulent messages often begin with harmless-looking requests such as: “Can you do me a favour?” or “Do you have a moment? I have a request that you must handle discreetly. I’m heading into a meeting, so please reply by email – no calls.” But soon, the messages escalate into demands for money transfers. In some cases, scammers skip the pretext entirely and state directly: “We need to make a payment of €XX,XXX.XX.” Often, criminals have done their homework – they know who the key people are in the organisation and impersonate them convincingly.
Payroll and HR staff are also frequent targets. This spring, several cases emerged in which fraudsters posed as employees and attempted to change bank account details to redirect salary payments.
Always be cautious of sudden changes in invoicing information – especially if a message appears to come from a trusted source. A fake invoice may originate from a compromised account. In such cases, you can verify the message's authenticity by calling the sender.
The best protection is vigilance: verification calls using original contact details, follow internal protocols carefully and remind all staff regularly of fraud prevention guidelines – especially during holiday periods.
New information security requirements for smart devices
The information security requirements of the EU Radio Equipment Directive will come into effect on 1 August 2025.
The aim is to protect communications networks, enhance privacy, and prevent financial fraud conducted over networks. The new requirements apply to a wide range of smart devices that use wireless information networks for communication. This includes WLAN access points, smartphones, and internet-connected devices, as well as wearable smart devices, household appliances, toys, and other wireless IoT devices.
Device manufacturers will be responsible for ensuring that their products comply with the relevant information security requirements. Importers and retailers must also ensure that only compliant devices are placed on the market.
Finland and Ukraine strengthen cooperation to enhance cybersecurity
Finland and Ukraine are deepening their cooperation in promoting cybersecurity and protection. The two countries have signed a Memorandum of Understanding aimed at strengthening collaboration and facilitating the exchange of best practices and technical information between cybersecurity authorities.
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.