Phishing

Phishing emails are sent in the name of banks or other official organisations requesting the victim’s online banking credentials, card details or other personal information. Messages can be disguised as having been sent from any company or official organisation, and they may look genuine. Often they will ask you to do something, such as confirm your identity, prevent a credit transfer, install an update or sign a document through a link in the message. 

Receiving a scam message or clicking a link doesn’t automatically mean that you are in danger. Scammers try to trick you into clicking a link and entering your online banking credentials or card details on the website to which the link leads. 

The fake website can look very credible. The website address can look very much the same as that of the genuine website. The fake website can also contain information and images copied from the genuine website. 

Never click on any links in emails and enter your personal information. Visit a website by typing the entire website address in your browser’s address field.

Fraudulent text messages (smishing)

More and more fraudulent text messages are being sent. In smishing, the scammer sends the victim a text message with the purpose of obtaining confidential information. The scammer may also pretend to be a family member of the victim, for instance, and in this way manipulate them to make credit transfers. Smishing messages can urge the recipient to click a link in the same way as phishing emails. The fake website that opens through the link can look very credible. 

Smishing messages do not necessarily contain a link but a phone number that you are urged to call. The phone number doesn’t belong to the company that has seemingly sent the message. Instead, the call will be answered by criminals posing as the company’s employees. 

Smishing messages disguised as having been sent by an official authority can appear in the same chain of messages as its genuine messages. You should therefore read the message carefully and think whether the contact is genuine. You should never share your online banking credentials or card details on websites that you have accessed through a link in a message. If you are asked to contact a company, check the company’s contact details from its website. 

Hybrid scams involve several contacting methods

So-called hybrid scams involve different contacting methods. The first step is often a text message saying that the recipient has an overdue payment or that an unauthorised person has used their services, for example. The message is often urgent and disguised as having been sent by an official authority or a well-known company. The message states that the recipient will soon receive a phone call or contains a phone number that the recipient is urged to call. 

During the call, the criminals claim to represent a certain company or a bank’s data security department, for instance. They are phishing for online banking credentials or trying to get the caller to confirm payments or to download malicious software on their phone. 

If you receive a message urging you to contact a company, check the company’s contact details from its website. Don’t let anyone download any software on your device and only install apps from your device’s app store. 

Tips on how to deal with phishing and smishing scams

  • Never provide your personal or banking information by replying to the email or text message or filling them in through any links.
  • Log in to all your services directly from the website of the service provider. Don’t log in to a service via a link included in a message or through search engines. 
  • Don’t open links or attached files you have received from a sender you don’t know.
  • Smishing messages are often disguised as having been sent from the service numbers of well-known companies, such as Nordea or Posti. Remember that smishing messages may end up on the same list as genuine ones.
  • If a message seems suspicious, you should delete it. You can verify with the customer service of the service provider in question whether they have tried to contact you.
  • Check the authenticity of email messages by clicking the sender’s email address. If the address looks suspicious, the message is certain to be fake.