It has been brought to the attention of the City of Espoo that malicious software has been distributed in the name of the city or its employees via e-mail messages. The Espoo ICT environment has not been hacked into. Instead, the messages have been sent by falsifying the sender's name. Potentially at least some of the cases concern the same Emotet malware which was previously reported by the National Cyber Security Centre in August.
Practical tips for using e-mails safely:
- Be wary of e-mails especially if you receive them unrequested and suddenly and they contain attachments.
- In your email software, enable two-step authentication.
- Avoid clicking any direct links found in emails. Rather, type the address in the browser yourself and navigate to the desired location on the website.
- Try to avoid using macros in the Microsoft Office family products. A macro is a series of commands and instructions that are combined into a single command to perform a task automatically.
- Keep the operating system, antivirus software and other software of your computer and smart devices updated with the latest version.
Malicious software can be used to steal information and possibly penetrate deeper and launch a piece of malicious software. E-mails can also be used to steal user identities and passwords that are used for other crimes.
If you receive suspicious messages in the name of the City of Espoo, please contact us by e-mail at firstname.lastname@example.org or the Finnish Transport and Communications Agency’s National Cyber Security Centre via an online service. If you suspect a crime, please inform the police.
For more information on how to use online services safely, visit the National Cyber Security Centre’s website.
Matti Parviainen, Chief Information Security Officer, City of Espoo, tel. 043 827 0246, email@example.com