Different types of scams

How to spot AI scams and protect yourself from them

Criminals are increasingly using AI in their scams. With the help of AI, they can create more credible scams, deepfake videos and targeted phishing messages. Learn to spot AI scams and protect yourself from them.

Read more about AI scams

Fake websites pop up on search engines

Fraudsters set up fake websites designed to look like the websites of various banks, companies and public authorities and these fake websites may sometimes pop up on search engines, such as Google and Bing. This often occurs when you use a search engine to access the websites of banks, health care services, the Tax Administration and Kela or the MyKanta service. The fake websites are typically identical copies of the original websites and used to deceive users into entering their online banking codes and other sensitive information on the websites.

There are also many fake customer service websites that are designed to look like they belong to a legitimate service, such as Facebook, PayPal or Gmail. These websites may include phone numbers to contact centres that are controlled by the scammers. When you call a fake customer service number, the scammers will attempt to manipulate you into installing remote access software on your device, confirming payments and disclosing sensitive information. 

Tips on how to avoid search engine scams:

• Don’t enter your online banking codes on websites you have accessed through a search engine.
• When you need to access the website of a bank, public authority or health care service provider, for example, type the full address in your browser (such as nordea.fi or kanta.fi).
• Save websites you visit regularly and use your online banking codes to access as favourites or bookmarks to make sure you always end up on the right website.  
• Always check what you’re asked to confirm. For example, if you are logging in to MyKanta but your authentication app or device asks you to confirm that you want to log in to your online bank or to confirm a payment, you are being phished. Cancel the request and contact your bank.
• Use your bank’s mobile banking app to do your banking 
• If you suspect that a website you are visiting might be fake, leave the website. If you suspect that you may have entered your banking details on a fake website, contact your bank. 
• Never allow anyone to install remote access software on your computer or phone. Trustworthy companies don’t use them as part of their customer service.

Vishing

Voice phishing, or vishing, is a technique used by scammers who pose as a representative of a public authority, a company or a bank. The caller will often claim to be calling in order to help the victim, say the matter is urgent and try to gain the victim’s trust.

The aim of the scammer is to get the victim to use their online banking credentials or to reveal them during the call. The purpose of the vishing call is to access the victim’s online bank in order to transfer money or to get the victim to confirm payments with their online banking credentials or transfer money to a ‘safe account’.

Safe account scams

Safe account scams are a form of vishing where scammers try to get you to move your money to a ‘safe account’. The caller may pretend to be from a collection agency, public authority or bank. Before the call, you may get a phishing message in which the scammer attempts to steal your online banking credentials and potentially other sensitive information. 

The scammer will claim that your money is at risk and that you need to transfer it somewhere safe. They will attempt to manipulate you into transferring the money to another bank account and even installing remote access software on your computer. In reality, this ‘safe account’ is controlled by the criminals. Banks, public authorities and other organisations will never ask you to move your money to such bank accounts. 

Tech support scam

Tech support scams involve a phone call from scammers claiming to be working for a well-known tech company, such as Microsoft. The scammers will often speak in English.

The victim is told that their computer has possibly been infected with a virus and it must be cleaned. During the phone call, remote access software is installed on the victim’s computer. At the end of the call, the victim must pay for the service, but will be charged hundreds or even thousands of euros from their account.

The National Cyber Security Centre Finland and the police have warned about tech support scams, urging people to be vigilant.

Tips on how to avoid vishing scams:

• Never reveal your personal online banking credentials or account details over the phone even if the caller demands it or claims to be asking for them for your own security.
• Remember that representatives of the police, your bank or the authorities will never call to ask you for your online banking credentials.
  
• Vishing calls may also come from Finnish phone numbers. If a call seems suspicious, you should hang up. You can verify with the customer service of the service provider in question whether they have tried to contact you.
• Large companies such as Microsoft don’t call their customers. If you receive a phone call from someone claiming to be a Microsoft employee, you should hang up.
• If there are problems with your computer, contact the technical support for the device.
• Never allow anyone to install remote access software on your computer or phone. The authorities and trustworthy companies don’t use them as part of their customer service.
• Never move your money to a ‘safe account’. Hang up the call and contact your bank. 

Spot phishing and smishing

Scammers send fraudulent emails (phishing) or text messages (smishing) in an attempt to steal confidential information and to obtain financial gain to the detriment of the victim. Therefore, it is very important that you learn to spot these scams and don’t provide your bank details to anyone. 

Read more about phishing

Identity theft

Identity theft means using another person’s identity for buying goods, placing orders or taking out loans, for example. Signing up for services in another person’s name, especially online, can happen quickly.

Read more about identity theft

Online marketplace scams

Online marketplace scams are scams that take place on second-hand marketplaces on the internet. The goods being sold are non-existent, and the seller stops responding to messages after they have received payment from the buyer. Whether you’re a buyer or a seller, here are a few useful tips for protecting yourself from these scams.

Read more about online marketplace scams

Laundering of illegal funds

Mule accounts have become increasingly common in Finland over the past few years. These are Finnish bank accounts that are used in criminal activities, especially after phishing scams, to move and conceal the proceeds of the crime.

A money mule is a person who is recruited to receive and transfer money obtained by criminal means through their account. Typically, the mule is paid a small commission for the money transferred.

The victims of scams are also sometimes used for concealing the origin of illegally acquired funds. This is commonplace especially in romance scams. The scammer tells the victim that they need help with a money transfer which, for some reason or another, they are unable to complete through their own account. The victim is given an account number to which they should transfer the money after receiving them on their personal account. However, every account holder is obliged to know the origin of the funds held on their account.

How to spot money mule recruitment:

• You are promised easy and quick money without any obligations or agreements. The risks involved and the illegal nature of the task are downplayed or not even mentioned.
• You are asked to receive funds in your account and to transfer them to another account.
• The person contacting you wants to borrow your account, card and/or online banking credentials.
• You are given a vague or an emotional reason for the transfers (such as love, urgency or an emergency).
• You are typically contacted on social media or through a messaging app.

Tips for avoiding becoming a money mule:

• If you are not sure about some of the funds on your account, please contact your bank or the police immediately before making any credit transfers.  Suspicious cases are always investigated by the police. In addition, your bank may have to restrict the customer’s services.
• Be careful about any requests to transfer money. Especially if you have met the person online and they ask you to make a credit transfer.
• If you feel suspicious about the request or the origin of the funds, do not make the transfer.
• If you notice that you have been used as a money mule, contact the local police. Also contact your own bank and ask for a thorough investigation of the payments you have made.

Romance scam

In a romance scam, the scammer meets the victim on the internet, for example through Facebook, Instagram or dating sites. The scammer will contact the victim and send messages actively. Often the scammer will claim to be a soldier on a foreign mission or an engineer travelling a lot around the world who may have contacts in Finland.

Soon after the first contact, the scammer will claim to be in love with the victim and begin planning a future together. After a while, the scammer will ask for money for various purposes, such as hospital bills or trips. Often the scammer will give a good reason for asking for money, and the sooner the victim sends it, the sooner they can start their future together. The contacts may continue for several months.

Tips on how to avoid love scams:

• If a person you meet online asks you for money, you should be wary. Unfortunately, such requests are almost always a scam.
• Romance scammers usually don’t agree to speak on the phone or to have a video call. If a person you meet on the internet is unable to call you or join a video call, they are most likely a scammer.
• Remember that romance scammers take advantage of people’s desire to help. They may send documents or other proof that supports their story.
• If you notice that you have been scammed, inform your bank of this and report the scam to the police. You won’t be the first or the last victim of a love scam.
• You can get peer support from the website of Victim Support Finland. You can also call them anonymously.

Investment scam

In an investment scam, the victim is contacted and told about an amazing investment opportunity. The scammer may propose an investment in shares, funds, cryptocurrencies or binary options. What the investments have in common is that their future prospects sound almost too good to be true.

In the messages, they will also ask the victim to invest money in the highly profitable assets. In reality, the investments don’t even exist and the money paid by the victim is pocketed by the scammers. 

Read more about investment scams

Online shopping scam

In online shopping scams or lottery scams, the victim is asked to give their card number in order to participate in a lottery or survey, redeem a “prize”, pay for “insufficient postage”, order a sample or buy an inexpensive product (such as a smartphone, tablet, gift voucher, shoes or samples of beauty or health care products). 

While paying for an initial sum of a few euros, the victim accepts the terms and conditions of the service provider. By doing this, the victim signs up for the seller’s service, which leads to monthly debits to the victim’s payment card. The debits can amount to tens of euros per months.

It may be extremely difficult to discontinue the unintended agreement, so the victim should close their card and order a new one, which will terminate the monthly debits. You can file a complaint about the charged payments with your bank.

Tips on how to avoid online shopping scams:

• Don’t provide your card details in a reply to a message or through a link you have not asked for or if you are unsure about the service provider’s trustworthiness.
• Remember that online shopping scams and lottery scams are marketed in the name of well-known companies and stores that actually have nothing to do with the prize draws or products offered.
• Attractive advertisements and offers are actively posted on social media, especially on Facebook. So please be careful online.
• If you notice any suspicious debits on your card, please initially contact the company that debited you. Its contact details will often be found on the internet. If you don’t recognise some purchases, block your card through mobile bank or by calling the card blocking service, tel. +358 20 333 (local rates apply*).

Job scam

Scammers use fake job ads to try to lure people in with an opportunity to make quick and easy money. You may come across these fake jobs not only on social media and messaging apps but also on job search platforms. The job ads usually offer an opportunity to make a lot of money and to work from home, and they don’t require any previous work experience.

The job may involve reviewing various websites or apps online, for example. The employee is typically asked to open a salary account to which their salary will be paid in a virtual currency. The employee is then urged to deposit money in this account under various pretences. One reason the scammers may give is that the money in the account is temporarily needed for the performance of the employee’s duties and the account balance cannot be zero. The scammers assure the employee that they will get the deposits back along with their salary after the salary period ends. But in reality, the employee loses the money they deposited in the account.

Tips on how to avoid job scams:

• Beware of unexpected and too-good-to-be-true job offers. Do your research on the employer.
• If you are asked to apply for the job through a messaging app, there is no job interview and the recruiter is not interested in your work history, the job offer is most likely a scam.
• You should never have to transfer money to your employer to receive your salary.

Online shopping scam

Scammers sell fake or non-existent items on websites that look legitimate. These are advertised especially on social media to try to draw you into grabbing a rare item or an unbeatable bargain. They have a wide range of products available and plenty of items in stock in different colours, sizes and styles, which is often a sign of something that’s too good to be true. Sometimes the scammers try to pull on your heart strings with a sad story about their business closing. You may come across such stories especially on social media where the online shop has set up a fake profile, pretending to be a Finnish business.

You may also end up visiting a fraudulent online shop after using a search engine to look for a well-known brand or product. If you enter your card details on a fake website, you could end up with fraudulent charges on your card.

Tips on how to avoid online shopping scams:

• Be especially careful if you access an online shop by clicking an ad you saw on social media.
• Look for information about the business online and read other people’s experiences with the website. Any reviews you find in the online shop may be fake.
• Suspiciously low prices and great deals can be a sign of a scam.
• Be sceptical of emotional stories on social media and of last-minute offers.
• Check the online shop’s terms and conditions and contact details before you buy anything. A reliable business has this information readily available and provides other contact details besides an email address and a contact form.
• Pay attention to the language of the website. You can typically find minor spelling errors on fraudulent websites. But don’t forget that a fake website can also be well-written in Finnish!
• Beware of website URLs that are similar to well-known brands (such as mekkomari.com).
• Once you know which website you want to go to, type the entire URL into your browser search bar to avoid clicking on links to fake websites in search engine results.
• A brand new website may be a sign of a scam. You can check publicly available information about the URL on Traficom’s website, for example.
• Use a credit card to pay for your online shopping where possible. If the seller fails to comply with the contract and doesn’t deliver the item you ordered, your bank and the seller are jointly liable to compensate you for the transaction. Don’t make any advance payments by bank transfer. Read more about consumer protection with credit cards
• If you suspect that you have been scammed, block your card in Nordea Mobile or call us or the card blocking service on +358 20 333 (local rates apply*). 

Fake invoices and invoice fraud

Fake invoices are sent by scammers requesting payment for a product or service that the targeted person or company has not ordered and that have not been delivered. Fake invoices are often sent by email. Someone posing as a seller may also call and demand money over the phone, claiming that the company has concluded an agreement with them.

Scammers may also hack a company’s email and edit the account number on an outgoing payment to direct it to the scammers’ own account.

Tips for dealing with fake invoices:

• Check whether the invoice makes sense and whether you or your company have bought the product or service in question.
• Check the address of the sender of the email invoice even if it looks familiar.
• Make sure your company has clear invoicing procedures and instructions for paying invoices and train your employees to follow them.
• If the invoice is recurring, check that the recipient’s account number is the same as on the previous invoices.
• Search the internet for information on the sender of the invoice. It is often easy to find information on companies sending fake invoices.

CEO fraud

CEO fraud is a type of scam where a criminal pretends to be a company’s CEO or some other executive. Under this false identity, the criminal contacts an employee of the company and asks them to urgently complete an account transfer or some other payment transaction.

Tips on how to avoid CEO fraud:

• If you receive payment instructions by email, don’t follow them. Call the sender of the email and check if the message is genuine.

• If you feel uncertain, consult a colleague.

• Train your personnel to identify risks and secure ways of working.

• Introduce internal procedures for handling payment requests sent by email.

• Always contact your bank if you have received payment instructions from a scammer or if you suspect you have been scammed.