Surge in fraudulent SMS threatens Finnish users
A surge of fraudulent SMS messages is circulating, targeting users of various trusted healthcare, tax, and government services in Finland. These scams impersonate familiar platforms, attempting to deceive recipients into providing sensitive data, such as banking credentials and personal information, by redirecting them to fake websites that closely mimic legitimate sites.
Additionally, F-Secure’s SMS Scam Protection feature has detected an increase in these types of scam text messages. We have observed SMS messages impersonating Vero, Traficom, OmaKanta, Posti, and Terveystalo. Concerned organizations, platforms, and the police department have issued warnings on their websites, advising the public to stay alert, as these scams pose significant financial risks and threatens the security of personal information.
Scammers use trusted organizations to get your trust
The latest wave of SMS-based phishing scams (or “smishing”) involves fake notifications from well-known agencies and service providers across multiple sectors, including healthcare, tax, and government services. Criminals use these messages to exploit public trust in these institutions, often using urgent language and threats of financial or legal repercussions to prompt immediate action from recipients.
For instance, some scam messages claim there is an overdue invoice in an online healthcare portal, warning of enforcement actions unless payment is made. Others might impersonate tax services, mentioning an upcoming tax refund or missing payment, and prompt the recipient to log in via a provided link. Messages targeting government service users often claim unresolved issues related to vehicle registration, unpaid fines, or licensing that require immediate attention.
Fraudsters often make subtle adjustments to agency names in their messages — such as replacing letters with numbers to mimic legitimate organizations. For example, OmaKanta has been altered to appear as “KANTA 0Y” or “0MAKANTA 0Y,” with the letter “O” replaced by the number “0”, while Terveystalo is sometimes presented as “TERVEYSTAl0.” These minor changes are easy to overlook, tricking recipients into believing the message comes from a trusted source. By disguising the sender’s identity in this way, criminals aim to create a false sense of legitimacy and prompt quick responses from recipients.
How to stay safe against recent scam SMS messages
Most trusted services do not request personal identification or financial information through unsolicited SMS messages or electronic communications. If you suspect that you may be the target of a phishing attempt or if you’ve encountered a suspicious message, take these steps to protect yourself and your information:
Do not engage with the message: Avoid replying to the message or entering any information in forms or fields on a suspicious website. Do not click on any links or forward any information from the message.
Avoid clicking links in messages: For service portals such as healthcare, tax, banks or government websites, always navigate directly to their official websites by typing the address into your browser. Do not log in through links sent in messages. If you’re uncertain about the sender or the intent of a message, avoid entering any personal or banking credentials on websites accessed through links from SMS message.
Contact your bank if necessary: If you suspect that your online banking credentials may have been compromised, immediately contact your bank’s customer service to secure your account. Once your bank is informed, report the incident to the police to prevent further misuse.
Follow official guidance on data breaches: If you believe your personal data has been exposed, follow the instructions provided on the suomi.fi service: My personal data has been stolen or leaked.
Contact relevant authorities if you identify yourself on a suspicious site: If you suspect that you may have identified yourself on a phishing website (e.g., entered an ID number or used mobile identification), immediately contact the issuer of your identification device. This is typically your bank, or in the case of mobile certificates, your telecom operator.
Report new phishing messages: If you encounter a suspicious message that appears to be from a recognized agency or service, report it directly to the organization. Be sure to check the official notifications on their website for guidance.
Consider using free tools provided by F‑Secure for enhanced safety: F‑Secure offers security tools to help users stay protected, including the F‑Secure Link Checker, which verifies if a link is safe to open; the Online Shopping Checker, which assesses whether an online store is legitimate or fraudulent; and the Text Message Checker, which identifies potential scam SMS messages.
Following these steps can help safeguard your personal information and prevent unauthorized access to your accounts. Remain vigilant and cautious with unexpected messages that request personal information or banking details.