Weekly review of the National Cyber Security Centre Finland (NCSC-FI) - 23/2025

Fraudulent websites exploit ETA and ESTA travel forms – always verify the official service channel

The NCSC-FI has received reports of scam websites exploiting the ETA (Electronic Travel Authorization) and ESTA (Electronic System for Travel Authorization) travel forms. Victims of these scams have suffered financial losses and exposure of personal data.

ETA and ESTA are official electronic travel authorisations required in many countries, such as the United States and ETA-system countries like Canada and the United Kingdom. Applications are typically submitted online, which has enabled fraudsters to create fake websites resembling those of government authorities.

These fraudulent sites often appear credible and may pose as the official services of, for example, US Customs or the UK Government. On such websites, scammers may charge excessive fees for the travel authorisation and fraudulently collect users' personal and payment details. The stolen information may be used for identity theft or financial fraud. Always make sure the website is verified and trustworthy before providing personal information, passport images or banking details.

To identify the legitimate site, pay close attention to the URL. Official websites usually end in .gov or .gov.uk and use a secure HTTPS connection. Searches made through search engines may return paid advertisements that redirect users to scam sites.

We recommend always checking the official travel requirements from the destination country’s authorities or the Ministry for Foreign Affairs website.

The official ESTA form is available here (External link). The official ETA form website varies by country. For example, the UK’s official site can be found here (External link). 

Be vigilant on the web – remember updates and strong passwords

Everyday cyber security skills are essential for all of us. In the latest videos of our Be vigilant on the web campaign, the NCSC-FI reminds everyone about the importance of software updates and strong passwords. If these practices are already part of your routine, consider helping friends and family as well.

When was the last time you updated?

Keep your devices and software updated. Updates ensure that you are using safe and well-functioning devices. You can enable automatic updates to help with this.

Sometimes devices have to be replaced. If a device or its operating system reaches the end of its life cycle, the manufacturer will no longer provide updates for it.

Are your passwords strong?

Most of us have numerous user accounts across different services. It is smart to protect important information well so that it does not end up in the wrong hands.
Create a unique and strong password for each service. Instead of a single word, use a password phrase that also includes numbers, special characters, and upper-case and lower-case letters.

Do not use the same password for multiple services. If your password is exposed to a criminal, all your user accounts will be compromised at once. To help you remember passwords, you can use a password manager.

Once your passwords are strong, we also recommend activating multi-factor authentication. Multi-factor authentication means that your identity is verified in at least two different ways. Extra verification can be done by a one-time number series or code that is sent to you by SMS or email. Even if a criminal were to get a hold of your username and password, they cannot log in to your account without the additional authentication factor. Multi-factor authentication is recommended especially for services that include personal data or payment information.

New project continues strengthening EU cyber security – stay informed about upcoming funding calls

The National Coordination Centre for Cyber Security Research, Development and Innovation (NCC-FI), operating within the NCSC-FI at Finnish Transport and Communications Agency Traficom, has been granted co-funding from the European Union's Digital Europe Programme for a new four-year continuation period. The project aims to strengthen cyber security both across Europe and nationally.

The European Commission is funding the project with four million euros, and nearly the entire amount will be distributed as financial support to Finnish actors. During the project period 2025–2029, financial support will be provided for implementing new cyber security legislation, as well as for the deployment and dissemination of modern cyber security innovations. Information about upcoming calls will be published on the NCC-FI website and in the national portal haeavustuksia.fi.

Join the national competence community

The NCC-FI builds and develops a national cyber security competence community. Its goal is to foster collaboration among stakeholders to improve cyber security-related research, development and innovation.
The NCC-FI organises networking events for the community as well as public funding call info sessions. In addition, it supports Finnish stakeholders at different stages of the EU funding application process and helps in finding suitable project partners.

Read more: New four-year project continues to strengthen cybersecurity in the EU – follow upcoming funding opportunities