Cyber threats

Expand all questions

Because information regarding the coronavirus is understandably the focus people's of interests right now, the distributors of malware are using it as well -- all over the world letters are sent out with links or attachments that contain a document that seemingly might give the receiver new information about the spread of the virus. We are also aware that a map of the spread of the virus is being used as bait. These letters infect your computer with malware that could steal your passwords and other data.

The growing popularity of distance working is also being exploited. Working from home, people often need to join different central services, file sharing platforms or communication networks. If you receive a letter that calls on you to click on another link in order to join a work-related group, make sure that this really is a group or a service that you have arranged with your employer.

In the case of work e-mails, you have to remember that invoice fraud and CEO fraud schemes are quite common in cyber crime. If your boss (who is currently probably not with you) asks you to transfer money from the company's account to a completely unexpected bank account, confirm through some other prearranged channel of communication whether she is sure about that. If a business partner in another country asks you to send a payment for services to a new bank account, confirm this with him over the phone or some other channel of communication.

Recent times have seen a resurgence in the spread of payroll scams where an employer seemingly asks the head of personnel to transfer her wages to a new bank account as of next month. This request is actually being sent by cyber criminals who end up getting the money. In a payroll scam the cyber criminals send a short e-mail in quite convincing Estonian to the head of personnel under the name of an employee, asking that the wages be transferred to a new bank account as of next month. For this they use visual scams, replacing a letter in a name or barely noticeably altering the domain name (ettevõ vs ettveõ They might also take advantage of insufficient security of the e-mail account and impersonate the e-mail address of an employee in a way that is difficult to distinguish for a layman.

At the beginning of the crisis, there was a spread of English-language phone calls asking access to the recipient's computer in Estonia. The calls came from foreign phone numbers and the caller introduced himself as a representative of an internationally well-known company. Referring to the current situation where many work in home offices and the need to keep the equipment used for distance work secure, the callers asked for access to the computer. The reason they gave was a wish to check that the device is secure enough. At refusal the caller did not end the call but steadfastly continued asking for access. The goal of the fraudsters might have been to steal passwords or bank card data. These kinds of calls might also be used to sell scareware products that seemingly find malware in the victim's computer. By paying the fraudsters you unfortunately really get rid of your money and only seemingly get rid of the so-called malware that wasn't in the computer in the first place.

Last updated: 17.04.2020 19:27

Did this response answer your question?

No, rather the number of cyber incidents registered by the Information System Authority has remained at a level similar to the period before the crisis. But, considering the extent of distance working that is currently being done, the total risks have still increased. The information Security Authority has seen that cyber fraudsters both in Estonia and the rest of the world are trying to take advantage of the coronavirus in a new way -- for instance, an e-mail containing malware has been disguised as virus-related information from the Health Board.

For more specifics, see and

Last updated: 24.05.2020 16:58

Did this response answer your question?

More information about the coronavirus and restrictions related to it is available calling 1247 (from abroad +372 600 1247).