Cybercriminals targeting Estonia in new phishing wave

CERT-EE operates under the Information System Authority (RIA). Source: Information System Authority

In recent weeks, CERT-EE, the Information System Authority (RIA) department responsible for the management of security incidents, has received more reports than usual of cases in which cybercriminals have gained access to the email accounts of Estonian state agencies or companies and sent phishing emails on their behalf with the goal of stealing account information and passwords.

RIA Director of Cybersecurity Lauri Aasmann said that the characteristics of the phishing incidents are similar.

"A previously compromised email account is used to send phishing emails, from which hundreds of emails with the subject line 'Re: Invoice' are sent," Aasmann described. "When the recipient of the email clicks on the link contained in the email, a PDF file fairly convincingly mimicking the sending institution opens, asking them to log in via Google, Microsoft or other common environments."

The file leading to the phishing page, he added, is hosted in a cloud environment so that it cannot be detected by the authority's email filters or other security measures.

The phishing scammer's goal is to obtain the account holder's username and password in order to use them to commit new scams, Aasmann explained.

"At least a few thousand people have received such emails in recent weeks," he said. "As the scammer uses previously phished access to email accounts of institutions and companies to send letters, there is reason to believe that more such waves are coming."

According to CERT-EE, some of the accounts used in the current wave were compromised on May 29.

CERT-EE recommends that people be very careful when receiving such emails and not open unknown links. It recommends using two-step authentication to keep one's email or social media accounts from falling into the hands of cyberscammers and to prevent the use of previously stolen data. Two-step authentication means that the user must identify themselves in two independent ways when logging in; a username and password alone are not sufficient. Outlook, Gmail, Facebook, Twitter and other common environments offer corresponding solutions via both text message and mobile apps.



Editor: Aili Vahtla
