Phishing messages – Spot phishing emails and text messages

Phishing emails are sent in the name of banks or other official organisations requesting the victim’s online banking credentials, card details or other personal information. Messages can be disguised as having been sent from any company or official organisation, and they may look genuine. Often they will ask you to do something, such as confirm your identity, prevent a credit transfer, install an update or sign a document through a link in the message. 

Receiving a scam message or clicking a link doesn’t automatically mean that you are in danger. Scammers try to trick you into clicking a link and entering your online banking credentials or card details on the website to which the link leads. 

The fake website can look very credible. The website address can look very much the same as that of the genuine website. The fake website can also contain information and images copied from the genuine website. 

Never click on any links in emails and enter your personal information. Visit a website by typing the entire website address in your browser’s address field.

So-called hybrid scams involve different contacting methods. The first step is often a text message saying that the recipient has an overdue payment or that an unauthorised person has used their services, for example. The message is often urgent and disguised as having been sent by an official authority or a well-known company. The message states that the recipient will soon receive a phone call or contains a phone number that the recipient is urged to call. 

During the call, the criminals claim to represent a certain company or a bank’s data security department, for instance. They are phishing for online banking credentials or trying to get the caller to confirm payments or to download malicious software on their phone. 

If you receive a message urging you to contact a company, check the company’s contact details from its website. Don’t let anyone download any software on your device and only install apps from your device’s app store. 

• Never provide your personal or banking information by replying to the email or text message or filling them in through any links.
  
• Log in to all your services directly from the website of the service provider. Don’t log in to a service via a link included in a message or through search engines. 
• Don’t open links or attached files you have received from a sender you don’t know.
• Smishing messages are often disguised as having been sent from the service numbers of well-known companies, such as Nordea or Posti. Remember that smishing messages may end up on the same list as genuine ones.
• If a message seems suspicious, you should delete it. You can verify with the customer service of the service provider in question whether they have tried to contact you.
• Check the authenticity of email messages by clicking the sender’s email address. If the address looks suspicious, the message is certain to be fake.