It is a wider scam campaign that has ended up going around the cultural sector.
Eero Saunamäki
Several persons in the cultural sector have received fraudulent messages from the e-mails of the University of the Arts. The musician told Iltalehti about it Eero Saunamäkiwho is also one of the recipients of the scam message.
Saunamäki has worked, among other things, as the leader of Kaartin Combo, which performs at Linna’s parties.
– A colleague from the culture sector mentioned this on social media, to which I replied. There were a couple of others in the same message thread who had received the message, says Saunamäki.
The unifying factor in the messages was that everyone who received scam messages was from the cultural sector. Some of those who received scam messages had received the messages from acquaintances.
Confidential message
The message was recorded with the subject “Validity certificate”. The content of the message was recorded as confidential. Saunamäki was surprised that the message was a reply message, to which the letter combination “VL” refers.
Saunamäki did not already know the sender, but the sender’s name pointed to the right person, so he dared to trust the email he received. The opened link led to Microsoft’s login page via several different addresses.
Eero Saunamäki
At this point, Saunamäki realized that he was the target of a fraud attempt, because the passwords he saved on the computer are filled in automatically, and this time it didn’t happen.
– At this point I realized that it was a fake page and I didn’t try to log in there, says Saunamäki.
Saunamäki decided to answer the sender and make sure what it was all about.
The answer came automatically in a few seconds. The font of the reply message was also peculiar.
Eero Saunamäki
The answer was also written in Finnish in a clumsy block: “Good day, It’s for you, use the link to get to it.“
– That was the final confirmation that it was a scam.
A broad campaign targeting several organizations
The head of information management at the University of the Arts told Iltalehte that they are aware of the matter.
– Last week, we closed three accounts where we noticed phishing, says the University of the Arts.
The University of the Arts believes that one of their users has received a phishing message from outside the organization and by clicking on a phishing link, their ID has been hacked.
– This message has then been forwarded from that ID.
However, it is not something specifically targeted at the University of the Arts, but a broader campaign. The Cybersecurity Center is also informed about it newly.
– We closed the accounts as soon as we got information about it. This is normal practice as this kind of thing happens.
The University of the Arts could not assess exactly how widely the messages had time to spread. The accounts had ended up in the hands of the hackers from which the messages had been sent.