Several Swedish authorities have been exposed to fraud attempts.
Hundreds of employees were called in just a few hours.
– End the conversation as soon as possible, urges MSB.
During an intense phishing attack on Wednesday, targeting series of numbers that mainly went to the authorities’ work phones, the callers were asked to immediately press a button to get to the “police”.
– Many of our employees have received these calls, someone had also received them on their private phone. So I suspect that we are only an indicator in this, that there are many more who are affected, says Johan Andersson, press secretary at the Pensions Agency.
He describes the pre-recorded voice on the other end calling for immediate action. He himself was affected at eight o’clock in the morning on Wednesday.
– On my company mobile, I had a call every five minutes. So my phone rang five or six times.
Dan Holgersson, head of IT security at the Pensions Authority, confirms the fraud attempts against several of the authority’s 1,800 employees.
– I estimate that there were 300-400 people who were exposed, just with us. It is a recorded voice saying in English that there have been illegal events on your phone. That you were affected by a virus or that someone hijacked your phone. And then say that the Swedish police have discovered it.
Aftonbladet has listened to a recording of one of the fraud attempts. In the recording, a man’s voice says that there have been suspicious activities on “your Swedish ID card” and “your personal information”. In addition, that there is a “warrant for your arrest”.
Warns employees
The entire fraud call takes place in English and the caller is asked to make a button selection to get to the investigating police. Then the call ends up at a call center where a voice says “Swedish police force, how may I help you?”.
– There are those who feel that you speak English with a certain Indian accent. But it hasn’t really worked out what they want to achieve. As soon as they suspect that you are not playing the scam, they hang up, says Dan Holgersson.
– And it is not possible to just block one number, they use lots of different phone numbers, 30-40 different numbers have been reported to us.
The pension authority has warned its employees on its intranet, but Dan Holgersson finds it unbelievable that anyone would fall for the fraud.
– The message is in English and it is referred to as the Swedish police. When you make the button selection, they cannot speak Swedish.
The pension authority has reported the fraud attempt to CERT-SE, Sweden’s national Computer Emergency Response Team that handles and prevents IT incidents, at MSB.
Council: Hang up
On the other hand, the authority for social protection and preparedness does not want to say which government agencies were affected, or how many were affected at the various authorities.
– When authorities report, what they report becomes confidential. A large number of people in several agencies have received automated calls in English that invite button presses. It’s fraud attempts, so-called phishing, from invalid phone numbers, says Johan Eriksson, press secretary at MSB.
– This is a fraud attempt by “some actor” with an unknown purpose. We at MSB therefore urge anyone who receives such a call to end the call as soon as possible.
Lotta Mauritzon, crime prevention officer at the police’s National Fraud Centre, says:
– I have received reports today about such calls. It may be that their phone number is part of some larger series of numbers that you are trying to call.
She advises those who receive calls to hang up.
– The police do not call in this way, I can guarantee that. And definitely not in English. We are an authority. We must nurture the Swedish language, says Lotta Mauritzon.