Front Page: NCSC-FI

Fraudsters stealing banking credentials with fake My Kanta Pages and Suomi.fi messages

Alert 3/2021

There are active campaigns in which fraudsters try to steal online banking details through links to fake websites, sent by email in the name of My Kanta Pages and the Suomi.fi service. If you use the services via your web browser, always log in to the service by typing the full address of the website in your browser’s address bar. Using the relevant mobile applications will also protect you against attempts to steal your banking credentials.

In the past few days, the National Cyber Security Centre Finland at the Finnish Transport and Communications Agency (Traficom) has received reports about fraudulent messages that appear genuine. These messages have tried to lure victims to give their online banking details to criminals. Messages are being sent in the name of My Kanta Pages and the Suomi.fi service.

Scams to steal banking credentials have continued for several weeks. Fraudsters have pretended to contact people on behalf of banks or popular e-services.

Campaign to phish banking credentials has already lasted two weeks

The current phishing campaign has a lot in common with the bank frauds we have reported earlier. The messages and operating models seem similar. It appears that the fraudsters have replaced the names of banks with the services My Kanta Pages and Suomi.fi.

The messages are written in fluent and correct language, and they are not instantly recognisable as phishing attempts. By clicking on the link in the message, the reader is directed to a fake website set up by the criminals. These websites appear genuine. They look identical or very similar to the real websites used by the services, and it is difficult to spot differences between the fake and the real website.

A scam website resembling Nordea's login page, with the address nordaeverkossa.site
Online scammers register domain names for their phishing sites that are almost identical to the original domain names in form and name. Read the website address carefully.
A scam website resembling OP's website, with the address webvinfotech.com
Take care not to enter your information on any websites whose authenticity you doubt.
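
Reading the address carefully can also be automated, for example in a mail filter that inspects links. The following Python code is an added example, not NCSC-FI code: it accepts a link as official only on an exact match with an allowlisted domain (kanta.fi is named in this alert; suomi.fi is assumed from the service's name) and flags hosts that imitate those names. The function names and the similarity threshold are assumptions made for the example.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: allowlist of official domains. kanta.fi is the address given
# in the alert; suomi.fi is taken from the name of the Suomi.fi service.
OFFICIAL_DOMAINS = ("kanta.fi", "suomi.fi")


def hostname(url: str) -> str:
    """Return the lower-cased host of a full URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_official(host: str) -> bool:
    """True only for an official domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def resembles(host: str, threshold: float = 0.8) -> bool:
    """True if any part of the host contains or nearly spells an official name."""
    # Split on dots and hyphens so hosts such as "kanta-fi.example" or
    # "suomi.fi.viestit.example" (constructed) expose the borrowed name.
    parts = host.replace("-", ".").split(".")
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        for part in parts:
            if brand in part:
                return True
            if SequenceMatcher(None, brand, part).ratio() >= threshold:
                return True
    return False


def classify(url: str) -> str:
    """Classify a link as 'official', 'lookalike' or 'unrelated'."""
    host = hostname(url)
    if is_official(host):
        return "official"
    return "lookalike" if resembles(host) else "unrelated"
```

Only the "official" verdict means the link points to the real service. "unrelated" covers addresses such as webvinfotech.com above, which borrow nothing from the service's name and are caught by the allowlist rather than by similarity.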

Target group of the alert

Criminals try to steal people’s banking details. Online bank login credentials are valuable to criminals because, in addition to stealing money, they can be used for strong electronic identification. If identification means fall into the wrong hands, they can be used for identity theft, for example.

The banks or e-services whose names are used in the scams have nothing to do with the fraud attempts.

Fraudulent messages in fluent Finnish

The messages pretending to be from the Suomi.fi service claim that the recipient has received an important document in his or her Suomi.fi Messages mailbox. The messages ask recipients to identify themselves to be able to read the document and send messages to the authorities. The fake Suomi.fi phishing website seems very genuine, and the texts on the page are written in almost flawless Finnish.

In the name of My Kanta Pages, people have been contacted by email requesting them to log in to their My Kanta Pages via a link in the message. The message also refers to a COVID-19 certificate and a COVID-19 vaccination certificate. Despite such messages, My Kanta Pages should always be accessed only by logging in at kanta.fi.

The phishing attempts do not, as such, target the services mentioned in the messages. The names of familiar public services are simply used to lure victims into giving their personal information and details.

The fact that the names of popular and well-known services are used in fraud campaigns may damage the reputation of these services.

Possible solutions and restrictive measures

  • Never click on links in phishing messages or reply to the messages.
  • Never log in to your online bank or an electronic service directly from search engine results or via links you have received by email or SMS.
  • If you are a victim of payment fraud or a scam made by someone pretending to be from a bank or a financial institution, you should also report the offence to the organisation in question.
  • Even though the banks and companies that fraudsters pretend to represent are not behind the fraud, they are interested in receiving information about such cases so they can warn their other customers.
  • After contacting the organisation in question, you should also report the fraud to the police. You can report a crime online or at your local police station.

More Information

Read more about the subject in a relevant Information Security Now! article (in Finnish).