Different types of fraud

Phishing is an email scam sent in the name of banks or the authorities requesting the victim’s online banking codes, card details or PIN. Smishing is the same type of scam, only sent by SMS. The messages may look genuine and convincing. Often they will ask you to confirm your identity, prevent a credit transfer, install an update or sign a document through a link in the message.

Smishing text messages may arrive in the same message thread as those sent by your bank.

Nordea or the authorities will never ask for your online banking credentials, card details or PIN over the phone, in a text message, by email or on social media. 

We will never request your personal banking details or ask you to follow a link to log in to Nordea Mobile or Netbank in our newsletters.

Tips on how to deal with phishing and smishing scams:

• Never provide your personal or banking information by replying to the email or SMS or filling them in through any links.
  
• Log in to all your services directly from the website of the service provider. Don’t log in to a service via a link included in a message or through search engines. 
• Don’t open links or appended files you have received from a sender you don’t know.
• Smishing messages are often disguised as having been sent from the service numbers of well-known companies, such as Nordea or Posti. Remember that smishing messages may end up on the same message thread as genuine ones.
• If a message seems suspicious, you should delete it. You can verify with the customer service of the service provider in question whether they have tried to contact you.
• Check the authenticity of email messages by clicking the sender’s email address. If the address looks suspicious, the message is certain to be fake.

Voice phishing, or vishing, is used by scammers who pose as a representative of the authorities, a company or the police. The caller will often claim to be calling in order to help the victim, say the matter is urgent and try to gain the victim’s trust.

The aim of the scammer is to get the victim to use their online banking codes or to reveal them during the call. The purpose of the vishing call is to access the victim’s online bank in order to transfer money or to get the victim to confirm payments with their online banking codes or transfer money to a ‘safe account’.

Safe account scams

Safe account scams are a form of vishing where scammers try to get you to move your money to a ‘safe account’. The caller may pretend to be from a collection agency, public authority or bank. Before the call, you may get a phishing message in which the scammer attempts to steal your online banking codes and potentially other sensitive information. 

The scammer will claim that your money is at risk and that you need to transfer it somewhere safe. They will attempt to manipulate you into transferring the money to another bank account and even installing remote access software on your computer. In reality, this ‘safe account’ is controlled by the criminals. Banks, public authorities and other organisations will never ask you to move your money to such bank accounts.

Technical support scam

The number of scamming calls made in the name of well-known IT companies, such as Microsoft, have increased in Finland in recent years. The scammers will call the victim and claim to be Microsoft employees and they will often speak in English.

The victim is told that their computer possibly has a new virus and it must be cleaned. During the phone call, remote access software is installed on the victim’s computer. At the end of the call, the victim must pay for the service, but will be charged hundreds or even thousands of euros from their account.

The National Cyber Security Centre and the police have warned about technical support scams, urging people to be vigilant.

Tips on how to avoid vishing scams:

• Never reveal your personal online banking codes or account details over the phone even if the caller demands it or claims to be asking for them for your own security.
• Remember that representatives of the police, your bank or the authorities will never call to ask you for your online banking codes.
  
• Vishing calls may also come from Finnish phone numbers. If a call seems suspicious, you should hang up. You can verify with the customer service of the service provider in question whether they have tried to contact you.
• Large companies such as Microsoft don’t call their customers. If you receive a phone call from someone claiming to be a Microsoft employee, you should hang up.
• If there are problems with your computer, contact the technical support for the device.
• Never allow anyone to install remote access software on your computer or phone. The authorities and trustworthy companies don’t use them as part of their customer service.
• Never move your money to a “safe account”. Hang up the call and contact your bank. 

In an investment scam, the victim is contacted and told about an amazing investment opportunity. The caller may propose an investment in shares, funds, cryptocurrencies or binary options. What the investments have in common is that their future prospects sound almost too good to be true.

Often an investment scam will begin with an initial payment of a few hundred euros. The scammers will send their victim regular messages about the performance of their investment. In the messages, they will also ask the victim to invest more money in the highly profitable assets. In reality, the investment doesn’t even exist and the money paid by the victim is pocketed by the scammers.

Tips on how to avoid investment scams:

• Check that the company offering investment services has a valid licence and find out for how long the company has engaged in investment activities.
• Remember that cryptocurrency services will never contact customers by phone. They only provide a platform for trading.
• Reputable companies seldom offer investment opportunities to anybody over the phone, especially in the evening.
• Check if the company is on the Finnish Financial Supervisory Authority's warning list and try to find out further information on the company on the internet.
• You should never allow anybody to install remote access software on your devices.

In a romance scam, the scammer meets the victim on the internet, for example through Facebook, Instagram or dating sites. The scammer will contact the victim and send messages actively. Often the scammer will claim to be a soldier on a foreign mission or an engineer travelling a lot around the world who may have contacts in Finland.

Soon after the first contact, the scammer will claim to be in love with the victim and begin planning a future together. After a while, the scammer will ask for money for various purposes, such as hospital bills or trips. Often the scammer will give a good reason for asking for money, and the sooner the victim sends it, the sooner they can start their future together. The contacts may continue for several months.

Tips on how to avoid love scams:

• If a person you meet online asks you for money, you should be wary. Unfortunately, such requests are almost always a scam.
• Romance scammers usually don’t agree to speak on the phone or to have a video call. If a person you meet on the internet is unable to call you or join a video call, they are most likely a scammer.
• Remember that romance scammers take advantage of people’s desire to help. They may send documents or other proof that supports their story.
• If you notice that you have been scammed, inform your bank of this and report the scam to the police. You won’t be the first or the last victim of a love scam.
• You can get peer support from the website of Victim Support FinlandOpens new window. You can also call them anonymously.

Identity theft means using another person’s identity for buying goods, placing orders or taking out loans, for example. Signing up for services in another person’s name, especially online, can happen quickly.

Tips for avoiding identity theft:

• Be careful as to what information you reveal about yourself on the internet and on social media.
• If your personal identity information ends up in the wrong hands, please contact your bank immediately to block your online banking codes, payment cards and other services. 
• Sign up for the Oma Luottokielto service, which makes it harder to misuse your credit information, offered by Suomen Asiakastieto. You can sign up for the service on Suomen Asiakastieto’s websiteOpens new window. 

In online shopping scams or lottery scams, the victim is asked to give their card number in order to participate in a lottery or survey, redeem a “prize”, pay for “insufficient postage”, order a sample or buy an inexpensive product (such as a smartphone, tablet, gift voucher, shoes or samples of beauty or health care products). 

While paying for an initial sum of a few euros, the victim accepts the terms and conditions of the service provider. By doing this, the victim signs up for the seller’s service, which leads to monthly debits to the victim’s payment card. The debits can amount to tens of euros per months.

It may be extremely difficult to discontinue the unintended agreement, so the victim should close their card and order a new one, which will terminate the monthly debits. You can file a complaint about the charged payments with your bank.

Tips on how to avoid online shopping scams:

• Don’t provide your card details in a reply to a message or through a link you have not asked for or if you are unsure about the service provider’s trustworthiness.
• Remember that online shopping scams and lottery scams are marketed in the name of well-known companies and stores that actually have nothing to do with the prize draws or products offered.
• Attractive advertisements and offers are actively posted on social media, especially on Facebook. So please be careful online.
• If you notice any suspicious debits on your card, please initially contact the company that debited you. Its contact details will often be found on the internet. If you don’t recognise some purchases, block your card through mobile bank or by calling the card blocking service, tel. +358 20 333 (local rates apply*).

A money mule is a person who is recruited to receive and transfer money obtained by criminal means through their account. Typically, the mule is paid a small commission for the money transferred.

The victims of scams are also sometimes used for concealing the origin of illegally acquired funds. This is commonplace especially in romance scams. The scammer tells the victim that they need help with a money transfer which, for some reason or another, they are unable to complete through their own account. The victim is given an account number to which they should transfer the money after receiving them on their personal account. However, every account holder is obliged to know the origin of the funds held on their account.

Tips for avoiding becoming a money mule:

• If you are not sure about some of the funds on your account, please contact your bank or the police immediately before making any transfers.  Suspicious cases are always investigated by the police. In addition, your bank may have to restrict the customer’s services.
• Be careful about any requests to transfer money. Especially if you have met the person online and they ask you to make a transfer.
• If you feel suspicious about the request or the origin of the funds, do not make the transfer.
• If you notice that you have been used as a money mule, contact the local police. Also contact your own bank and ask for a thorough investigation of the payments you have made.

CEO fraud is a type of scam where a criminal pretends to be a company’s CEO or some other executive. Under this false identity, the criminal contacts an employee of the company and asks them to urgently complete an account transfer or some other payment transaction.

Tips on how to avoid CEO fraud:

• If you receive payment instructions by email, don’t follow them. Call the sender of the email and check if the message is genuine.

• If you feel uncertain, consult a colleague.

• Train your personnel to identify risks and secure ways of working.

• Introduce internal procedures for handling payment requests sent by email.

• Always contact your bank if you have received payment instructions from a scammer or if you suspect you have been scammed.

Fake invoices are sent by scammers requesting payment for a product or service that the targeted person or company has not ordered and that have not been delivered. Fake invoices are often sent by email. Someone posing as a seller may also call and demand money over the phone, claiming that the company has concluded an agreement with them.

Scammers may also hack a company’s email and edit the account number on an outgoing payment to direct it to the scammers’ own account.

Tips for dealing with fake invoices:

• Check whether the invoice makes sense and whether you or your company have bought the product or service in question.
• Check the address of the sender of the email invoice even if it looks familiar.
• Make sure your company has clear invoicing procedures and instructions for paying invoices and train your employees to follow them.
• If the invoice is recurring, check that the recipient’s account number is the same as on the previous invoices.
• Search the internet for information on the sender of the invoice. It is often easy to find information on companies sending fake invoices.