Information security guidelines

See if your information has been leaked to the dark web.

Go to F-Secure's website and enter your email address in the tool. You will receive your information security report via email.

F‑Secure Identity Theft Checker

Take care of your information security and privacy

Do you know how a social media service you use works? Do you know what logic it uses to offer content to you?

Do you know what you have committed to when you use a social media service? Are you familiar with the terms and conditions of the service?

  • Be careful about the information you share on social media about yourself as well as your family and friends.
  • Be careful about accepting friend requests from strangers.
  • Make sure you regularly check the privacy settings of the services and apps you use.
  • Take care of your information security. Keep the devices and apps you use up-to-date.
  • Protect your data connections and devices. Take care to protect yourself against viruses and other malware.
  • Use strong identification, such as multi-factor authentication, for all services and apps you use that have it available.
  • Make sure your digital footprint doesn’t make you ashamed. Assume that everything you publish, even in closed groups, is public.

Source: Kyberturvallisuuskeskus.fi

Caller ID spoofing in scam calls from abroad has been a significant problem in recent years.

The purpose of scam calls is, for example, to trick the call recipient into giving the scammer remote access to their computer (technical support scam call) or into giving the scammer their online banking codes.

Your telephone service provider has an obligation to prevent caller ID spoofing

  • In 2022, the Finnish Transport and Communications Agency Traficom revised a regulation and made it obligatory for phone service providers to prevent caller ID spoofing and the relaying of scam calls to call recipients.
  • The aim of the revised regulation is to prevent the use of Finnish numbers in international cyber crime and to reduce the number of scam calls from abroad.

Enticing someone to call back, or drop calls, is another form of telephone fraud.

In this scam, the phone rings once or twice, and then the caller hangs up. Your phone shows that you have missed a call, and the idea is to entice you to call the foreign number back.

Calls to numbers outside the EU can cost several euros per minute, and calling a satellite phone number can cost ten euros per minute or more.

What type of information security risks do phones have?

Malware and vulnerabilities on a phone

  • Criminals can install malware on a phone by taking advantage of the vulnerabilities in the operating system or apps. They can use malware to steal information, gain access to the information on the phone or spy on the person using it.

Fake apps

  • Criminals may create malicious apps and disguise them to look like some known or trustworthy application. These apps can steal information from the user or install malware on the phone.

Phishing messages and sites

  • Criminals can send phishing messages or build fake websites. Often the aim of a fake website is to trick visitors into handing over sensitive information, for example passwords or credit card information.
  • In Finland, phishing messages sent in the name of various banks are constantly in circulation.
  • It’s possible to send phishing messages as a continuation of real SMS chains from your bank, which makes it difficult to distinguish between genuine messages and scam messages.

Social manipulation and fraud

  • Phones are often used as a gateway for social manipulation, such as scam phone calls or messages. The aim is to get the target to reveal some sensitive information about themselves or to do something harmful.

Identity theft

  • Phones contain a lot of personal information, such as banking details or personally identifiable information. If a criminal gains access to a user’s phone, they will use the stolen information for identity theft or for some other kind of financial gain.
  • Sometimes a stolen identity has been used to scam the inner circle of the victim by pretending to be someone they know.

Phone scams

  • Spoofing a caller ID to look like a Finnish phone number is a technique used widely by international criminals. With the help of this technique, Finnish victims are much more likely to trust and answer scam phone calls from abroad and, for example, hand over their online banking codes or give criminals remote access to their computer.

Source: Kyberturvallisuuskeskus.fi

Banks almost never include a link to their website in the messages they send.

Good information security practices for phones

Keep your operating system and apps up-to-date

Regular operating system and app updates are essential for information security. You should install updates as soon as they become available. Updates often include fixes and improvements that protect your phone from known vulnerabilities.

Always install operating system updates from your phone’s settings and app updates from the official application store. Updates from unofficial sources can be malicious and can infect your phone with malware. When you allow automatic updates on your phone, you are better protected against serious software vulnerabilities.

When getting a new phone, always check how long the manufacturer will offer updates for that specific model. Choose a phone for which updates will be available for as long as you plan to use it.

Use a strong password or biometric identification

When you lock your phone, use a strong password or biometric identification, such as a fingerprint or facial recognition.

Avoid passwords that are easy and predictable.

Use different passwords for different services and devices.

Be careful when you use public Wi-Fi networks

Avoid entering sensitive information, such as online banking codes or passwords, into services when using public wireless networks.

If you use a public network, consider using a VPN service that hides your information and protects your network connection. You should disable the automatic connection to known Wi-Fi networks on your phone.

Only use trusted sources when you download apps

Download applications from official application stores only. These stores often filter malicious apps and offer better information security. Nevertheless, you need to use your judgement in all application stores, because it is often impossible to filter out all malicious software.

Check the terms and conditions of apps

Even though laziness might strike when you are reading terms and conditions, it is worthwhile to check what access rights the application you are installing is requesting.

The access rights reveal if the app wants permission to track your location or use your phone’s microphone.

Only grant applications the access rights they require and consider carefully what information and functionalities you share with them. Think about what the app is mainly used for and whether the app is trying to ask for an access right that does not serve its actual intended purpose from the perspective of the user.

Use trustworthy antivirus software

Good antivirus software helps detect malware on your phone and delete it.

Use well-known and up-to-date antivirus software that offers real-time protection. Once again, you have to pay attention, because criminals may try to sneak malware onto your phone by disguising it as antivirus software.

Make back-ups

Make back-ups of the important information on your phone regularly. This way you can recover the information if you lose your phone or if it stops working.

When you back up information, use cloud services, external memory or a computer.

If you need to reset your phone to its factory settings due to a malware infection, for example, you won’t lose any important information because you have backed it up.

Watch out for malicious messages and links

It is difficult to avoid receiving malicious messages entirely, and receiving these messages is not dangerous per se. However, it is important not to open messages or links from unknown senders, especially if they seem suspicious or try to get you to share some personal information.

Remember that banks almost never include a link to their website in the messages they send.

Use encryption when you transfer data

When you use a browser on your phone, make sure that you are using a secure connection for online services. Remember to always check that the address in your browser starts with “https”, especially when you are logging in somewhere or handling sensitive information.

Start using call barring services if needed

International phone calls and calls to service numbers as well as SMS messages to short message service numbers can be barred.

Turning on barring for phone calls and SMS messages is free of charge for the owner of the phone subscription. However, telecommunications companies can charge a fee for removing barring categories.

For more information about barring, reach out to your telecommunications company.

Source: Kyberturvallisuuskeskus.fi

Find out more about your data protection rights from the website of the Office of the Data Protection Ombudsman.

Tietosuoja.fi