Article

Spike in scam SMS hits Finland’s trusted health, tax, and government services

A confused man with a laptop eyeing him
Apramey Bhat
|
Nov 8, 2024
|
4 min read

Surge in fraudulent SMS threatens Finnish users

A surge of fraudulent SMS messages is circulating, targeting users of various trusted health­care, tax, and government services in Finland. These scams impersonate familiar plat­forms, attempting to deceive recipients into providing sensitive data, such as banking credentials and personal information, by redirecting them to fake web­sites that closely mimic legitimate sites.

Additionally, F-Secure’s SMS Scam Protection feature has detected an increase in these types of scam text messages. We have observed SMS messages impersonating Vero, Traficom, OmaKanta, Posti, and Terveys­talo. Concerned organizations, plat­forms, and the police department have issued warnings on their web­sites, advising the public to stay alert, as these scams pose significant financial risks and threatens the security of personal information.

Scammers use trusted organizations to get your trust

The latest wave of SMS-based phishing scams (or “smishing”) involves fake notifications from well-known agencies and service providers across multiple sectors, including health­care, tax, and government services. Criminals use these messages to exploit public trust in these institutions, often using urgent language and threats of financial or legal repercussions to prompt immediate action from recipients.

For instance, some scam messages claim there is an overdue invoice in an online health­care portal, warning of enforcement actions unless payment is made. Others might impersonate tax services, mentioning an upcoming tax refund or missing payment, and prompt the recipient to log in via a provided link. Messages targeting government service users often claim unresolved issues related to vehicle registration, unpaid fines, or licensing that require immediate attention.

Fraudsters often make subtle adjustments to agency names in their messages — such as replacing letters with numbers to mimic legitimate organizations. For example, OmaKanta has been altered to appear as “KANTA 0Y” or “0MAKANTA 0Y,” with the letter “O” replaced by the number “0”, while Terveys­talo is some­times presented as “TERVEYSTAl0.” These minor changes are easy to over­look, tricking recipients into believing the message comes from a trusted source. By disguising the sender’s identity in this way, criminals aim to create a false sense of legitimacy and prompt quick responses from recipients.

Esimerkkejä F-Securen havaitsemista huijausviesteistä

How to stay safe against recent scam SMS messages

Most trusted services do not request personal identification or financial information through unsolicited SMS messages or electronic communications. If you suspect that you may be the target of a phishing attempt or if you’ve encountered a suspicious message, take these steps to protect your­self and your information:

  • Do not engage with the message: Avoid replying to the message or entering any information in forms or fields on a suspicious web­site. Do not click on any links or forward any information from the message.

  • Avoid clicking links in messages: For service portals such as health­care, tax, banks or government web­sites, always navigate directly to their official web­sites by typing the address into your browser. Do not log in through links sent in messages. If you’re uncertain about the sender or the intent of a message, avoid entering any personal or banking credentials on web­sites accessed through links from SMS message.

  • Contact your bank if necessary: If you suspect that your online banking credentials may have been compromised, immediately contact your bank’s customer service to secure your account. Once your bank is informed, report the incident to the police to prevent further misuse.

  • Follow official guidance on data breaches: If you believe your personal data has been exposed, follow the instructions provided on the suomi.fi service: My personal data has been stolen or leaked.

  • Contact relevant authorities if you identify yourself on a suspicious site: If you suspect that you may have identified your­self on a phishing web­site (e.g., entered an ID number or used mobile identification), immediately contact the issuer of your identification device. This is typically your bank, or in the case of mobile certificates, your telecom operator.

  • Report new phishing messages: If you encounter a suspicious message that appears to be from a recognized agency or service, report it directly to the organization. Be sure to check the official notifications on their web­site for guidance.

  • Consider using free tools provided by F‑Secure for enhanced safety: F‑Secure offers security tools to help users stay protected, including the F‑Secure Link Checker, which verifies if a link is safe to open; the Online Shopping Checker, which assesses whether an online store is legitimate or fraudulent; and the Text Message Checker, which identifies potential scam SMS messages.

Following these steps can help safeguard your personal information and prevent unauthorized access to your accounts. Remain vigilant and cautious with unexpected messages that request personal information or banking details.

total app on different devices

Block online scams and threats with F‑Secure Total

Protecting your digital life is easy with F‑Secure's unrivaled protection, helping you and your family to stay safe against online scams, malware, identity theft, unsafe Wi-Fi networks and much more.

  • Avoid SMS scams, fake shops and malicious websites automatically

  • Stop malware with top-rated antivirus software

  • Protect your personal data online and prevent ID theft

  • Create strong pass­words and store them in a secure vault

  • Safeguard your privacy with unlimited VPN

Read more about Total