The Cyber Security Centre warns about a widespread phishing campaign
The National Cyber Security Centre, operating under the Finnish Transport and Communications Agency Traficom, has warned about a widespread phishing campaign and chain of data breach attempts to compromise identities/email accounts. The Cyber Security Centre has requested other organisations to share information on the matter, and this article is an edited, shorter version of the original article.
Scammers involved in data breaches and phishing are basing their fraud on “secure emails”. The spoofed secure email messages typically include the logo of the organisation that they are trying to imitate so that they look like the secure email service of the organisation that has an employee whose user account has been breached and is being used for sending phishing messages. The Cyber Security Centre stated that the number of breached accounts is significant and so far, hundreds of successfully breached accounts both in private and public organisations have already been reported. Scammers have managed to send thousands of phishing messages from these breached accounts to other email addresses of employees working for public administration and companies.
Please be extra attentive if you receive secure emails right now and ensure the authenticity of the message by calling the sender, for example. If you do not know the sender and you are not expecting to receive a secure email, delete the message. If you get a notification about strong authentication in the Microsoft Authenticator application on your phone, but you are not actually logging in to any service that would require authentication at the moment, do not approve the authentication request.
Generally speaking, it can be said that Uniarts Helsinki, too, is constantly targeted by phishing attempts, and this current situation is no exception to the rule. Spam emails and links in messages are filtered automatically within our organisation, but nevertheless, it is possible that scam messages make their way to users’ inboxes. There is no reason to be extra concerned about the situation, but all of us should be careful and cautious in our normal day-to-day work.
Never respond to suspicious messages.
If you have questions about phishing attempts, you can send a message to the information security email of Uniarts Helsinki (tietoturva@uniarts.fi).
If you think you may have been scammed, immediately contact Uniarts Helsinki’s Helpdesk (help@uniarts.fi or +358 294 47 2200).