Different types of scams

Fake websites pop up on search engines

Fraudsters set up fake websites designed to look like the websites of various banks, companies and public authorities and these fake websites may sometimes pop up on search engines, such as Google and Bing. This often occurs when you use a search engine to access the websites of banks, health care services, the Tax Administration and Kela or the MyKanta service. The fake websites are typically identical copies of the original websites and used to deceive users into entering their online banking codes and other sensitive information on the websites.

There are also many fake customer service websites that are designed to look like they belong to a legitimate service, such as Facebook, PayPal or Gmail. These websites may include phone numbers to contact centres that are controlled by the scammers. When you call a fake customer service number, the scammers will attempt to manipulate you into installing remote access software on your device, confirming payments and disclosing sensitive information. 

Tips on how to avoid search engine scams:

• Don’t enter your online banking codes on websites you have accessed through a search engine.
• When you need to access the website of a bank, public authority or health care service provider, for example, type the full address in your browser (such as nordea.fi or kanta.fi).
• Save websites you visit regularly and use your online banking codes to access as favourites or bookmarks to make sure you always end up on the right website.  
• Always check what you’re asked to confirm. For example, if you are logging in to MyKanta but your authentication app or device asks you to confirm that you want to log in to your online bank or to confirm a payment, you are being phished. Cancel the request and contact your bank.
• Use your bank’s mobile banking app to do your banking 
• If you suspect that a website you are visiting might be fake, leave the website. If you suspect that you may have entered your banking details on a fake website, contact your bank. 
• Never allow anyone to install remote access software on your computer or phone. Trustworthy companies don’t use them as part of their customer service.

Vishing

Voice phishing, or vishing, is used by scammers who pose as a representative of the authorities, a company or the police. The caller will often claim to be calling in order to help the victim, say the matter is urgent and try to gain the victim’s trust.

The aim of the scammer is to get the victim to use their online banking codes or to reveal them during the call. The purpose of the vishing call is to access the victim’s online bank in order to transfer money or to get the victim to confirm payments with their online banking codes or transfer money to a ‘safe account’.

Safe account scams

Safe account scams are a form of vishing where scammers try to get you to move your money to a ‘safe account’. The caller may pretend to be from a collection agency, public authority or bank. Before the call, you may get a phishing message in which the scammer attempts to steal your online banking codes and potentially other sensitive information. 

The scammer will claim that your money is at risk and that you need to transfer it somewhere safe. They will attempt to manipulate you into transferring the money to another bank account and even installing remote access software on your computer. In reality, this ‘safe account’ is controlled by the criminals. Banks, public authorities and other organisations will never ask you to move your money to such bank accounts.

Technical support scam

The number of scamming calls made in the name of well-known IT companies, such as Microsoft, have increased in Finland in recent years. The scammers will call the victim and claim to be Microsoft employees and they will often speak in English.

The victim is told that their computer possibly has a new virus and it must be cleaned. During the phone call, remote access software is installed on the victim’s computer. At the end of the call, the victim must pay for the service, but will be charged hundreds or even thousands of euros from their account.

The National Cyber Security Centre and the police have warned about technical support scams, urging people to be vigilant.

Tips on how to avoid vishing scams:

• Never reveal your personal online banking codes or account details over the phone even if the caller demands it or claims to be asking for them for your own security.
• Remember that representatives of the police, your bank or the authorities will never call to ask you for your online banking codes.
  
• Vishing calls may also come from Finnish phone numbers. If a call seems suspicious, you should hang up. You can verify with the customer service of the service provider in question whether they have tried to contact you.
• Large companies such as Microsoft don’t call their customers. If you receive a phone call from someone claiming to be a Microsoft employee, you should hang up.
• If there are problems with your computer, contact the technical support for the device.
• Never allow anyone to install remote access software on your computer or phone. The authorities and trustworthy companies don’t use them as part of their customer service.
• Never move your money to a “safe account”. Hang up the call and contact your bank. 

Investment scam

In an investment scam, the victim is contacted and told about an amazing investment opportunity. The caller may propose an investment in shares, funds, cryptocurrencies or binary options. What the investments have in common is that their future prospects sound almost too good to be true.

Often an investment scam will begin with an initial payment of a few hundred euros. The scammers will send their victim regular messages about the performance of their investment. In the messages, they will also ask the victim to invest more money in the highly profitable assets. In reality, the investment doesn’t even exist and the money paid by the victim is pocketed by the scammers.

Tips on how to avoid investment scams:

• Check that the company offering investment services has a valid licence and find out for how long the company has engaged in investment activities.
• Remember that cryptocurrency services will never contact customers by phone. They only provide a platform for trading.
• Reputable companies seldom offer investment opportunities to anybody over the phone, especially in the evening.
• Check if the company is on the Finnish Financial Supervisory Authority's warning list and try to find out further information on the company on the internet.
• You should never allow anybody to install remote access software on your devices.

Romance scam

In a romance scam, the scammer meets the victim on the internet, for example through Facebook, Instagram or dating sites. The scammer will contact the victim and send messages actively. Often the scammer will claim to be a soldier on a foreign mission or an engineer travelling a lot around the world who may have contacts in Finland.

Soon after the first contact, the scammer will claim to be in love with the victim and begin planning a future together. After a while, the scammer will ask for money for various purposes, such as hospital bills or trips. Often the scammer will give a good reason for asking for money, and the sooner the victim sends it, the sooner they can start their future together. The contacts may continue for several months.

Tips on how to avoid love scams:

• If a person you meet online asks you for money, you should be wary. Unfortunately, such requests are almost always a scam.
• Romance scammers usually don’t agree to speak on the phone or to have a video call. If a person you meet on the internet is unable to call you or join a video call, they are most likely a scammer.
• Remember that romance scammers take advantage of people’s desire to help. They may send documents or other proof that supports their story.
• If you notice that you have been scammed, inform your bank of this and report the scam to the police. You won’t be the first or the last victim of a love scam.
• You can get peer support from the website of Victim Support FinlandOpens new window. You can also call them anonymously.

Identity theft

Identity theft means using another person’s identity for buying goods, placing orders or taking out loans, for example. Signing up for services in another person’s name, especially online, can happen quickly.

Tips for avoiding identity theft:

• Be careful as to what information you reveal about yourself on the internet and on social media.
• If your personal identity information ends up in the wrong hands, please contact your bank immediately to block your online banking codes, payment cards and other services. 
• Sign up for the Oma Luottokielto service, which makes it harder to misuse your credit information, offered by Suomen Asiakastieto. You can sign up for the service on Suomen Asiakastieto’s websiteOpens new window. 

Online shopping scam

In online shopping scams or lottery scams, the victim is asked to give their card number in order to participate in a lottery or survey, redeem a “prize”, pay for “insufficient postage”, order a sample or buy an inexpensive product (such as a smartphone, tablet, gift voucher, shoes or samples of beauty or health care products). 

While paying for an initial sum of a few euros, the victim accepts the terms and conditions of the service provider. By doing this, the victim signs up for the seller’s service, which leads to monthly debits to the victim’s payment card. The debits can amount to tens of euros per months.

It may be extremely difficult to discontinue the unintended agreement, so the victim should close their card and order a new one, which will terminate the monthly debits. You can file a complaint about the charged payments with your bank.

Tips on how to avoid online shopping scams:

• Don’t provide your card details in a reply to a message or through a link you have not asked for or if you are unsure about the service provider’s trustworthiness.
• Remember that online shopping scams and lottery scams are marketed in the name of well-known companies and stores that actually have nothing to do with the prize draws or products offered.
• Attractive advertisements and offers are actively posted on social media, especially on Facebook. So please be careful online.
• If you notice any suspicious debits on your card, please initially contact the company that debited you. Its contact details will often be found on the internet. If you don’t recognise some purchases, block your card through mobile bank or by calling the card blocking service, tel. +358 20 333 (local rates apply*).

Laundering of illegal funds

A money mule is a person who is recruited to receive and transfer money obtained by criminal means through their account. Typically, the mule is paid a small commission for the money transferred.

The victims of scams are also sometimes used for concealing the origin of illegally acquired funds. This is commonplace especially in romance scams. The scammer tells the victim that they need help with a money transfer which, for some reason or another, they are unable to complete through their own account. The victim is given an account number to which they should transfer the money after receiving them on their personal account. However, every account holder is obliged to know the origin of the funds held on their account.

Tips for avoiding becoming a money mule:

• If you are not sure about some of the funds on your account, please contact your bank or the police immediately before making any transfers.  Suspicious cases are always investigated by the police. In addition, your bank may have to restrict the customer’s services.
• Be careful about any requests to transfer money. Especially if you have met the person online and they ask you to make a transfer.
• If you feel suspicious about the request or the origin of the funds, do not make the transfer.
• If you notice that you have been used as a money mule, contact the local police. Also contact your own bank and ask for a thorough investigation of the payments you have made.

CEO fraud

CEO fraud is a type of scam where a criminal pretends to be a company’s CEO or some other executive. Under this false identity, the criminal contacts an employee of the company and asks them to urgently complete an account transfer or some other payment transaction.

Tips on how to avoid CEO fraud:

• If you receive payment instructions by email, don’t follow them. Call the sender of the email and check if the message is genuine.

• If you feel uncertain, consult a colleague.

• Train your personnel to identify risks and secure ways of working.

• Introduce internal procedures for handling payment requests sent by email.

• Always contact your bank if you have received payment instructions from a scammer or if you suspect you have been scammed.

Fake invoices and invoice fraud

Fake invoices are sent by scammers requesting payment for a product or service that the targeted person or company has not ordered and that have not been delivered. Fake invoices are often sent by email. Someone posing as a seller may also call and demand money over the phone, claiming that the company has concluded an agreement with them.

Scammers may also hack a company’s email and edit the account number on an outgoing payment to direct it to the scammers’ own account.

Tips for dealing with fake invoices:

• Check whether the invoice makes sense and whether you or your company have bought the product or service in question.
• Check the address of the sender of the email invoice even if it looks familiar.
• Make sure your company has clear invoicing procedures and instructions for paying invoices and train your employees to follow them.
• If the invoice is recurring, check that the recipient’s account number is the same as on the previous invoices.
• Search the internet for information on the sender of the invoice. It is often easy to find information on companies sending fake invoices.