Municipal e-mail accounts have been hacked! Traficom: More than ten cases

Phishing messages are mostly sent from hacked accounts. In some cases, email accounts can also be used for invoice fraud.

In email phishing, email account information can be captured.

Traficom's Cyber Security Center reports in its weekly review that e-mail phishing messages have led to e-mail account hacks in which e-mail information has come into the possession of cybercriminals. In particular, the municipal sector, organizations and public administration have been the target of attacks.

During May alone, more than ten different entities have been the target of e-mail account hacks. In the break-ins, the recipient received a phishing message and shared their e-mail login information with the attacker on the phishing page.

The break-ins have mostly led to new phishing messages and in some cases even to attempts at invoice fraud. The Cyber Security Center has issued reminders about invoice fraud in the past. In invoice fraud, the e-mail may also be followed by a phone call from a person who sounds believable.

An invoice fraud scam can look like this. Screenshot from the website of the Cybersecurity Center. Traficom

– According to our information, more than ten e-mail accounts referring to municipalities or the municipal sector have been hacked since April, the Cyber Security Center's information security expert Matias Mesiä tells Iltalehti.

According to Mesiä, the e-mail accounts of the state administration or other trust services, such as the police or the state administration, have not been hacked. Break-ins in the municipal sector are particularly pronounced during the holiday season, when various managing director or billing scams may appear. Mesiä emphasizes the importance of information security knowledge and training for vacationers.

– At that time, there is a person who does not normally handle the matter on the property of the person who normally handles the matter.

The Cyber Security Center does not name the municipalities or organizations that have been the target of a break-in. The hacked e-mail accounts are usually ones used by individuals, from which phishing messages spread to organizations via e-mail contact information.

– Hopefully, organizations will report phishing messages sent as a result of account hacking on their websites, and the contact information to which phishing messages have been sent, says Mesiä.

Scam messages disguised as secure mail

According to Mesiä, the phishing messages use a credible-looking sender e-mail and the organization's logo.

– We are aware of cases where user contact information and user e-mail messages have been stolen from a hacked e-mail account, Max Mäkinen, special expert at the Cyber Security Center, says in the press release sent to the media.

An email masquerading as secure mail can look like this. In addition, the logo of the organization can be included in the message. Screenshot from the website of the Cybersecurity Center. Traficom

Messages disguised as secure mail have been sent to recipients, asking the recipient to enter an e-mail username and password on a phishing page controlled by a criminal. The login page may look very authentic, but the information ends up in the hands of criminals.

– If the username and password pair entered on the phishing page are also used in other services, the password should be changed immediately, the Cyber Security Center says.

The Cybersecurity Center recommends using multi-step authentication and restricting email forwarding rules.
