Scammers masquerading as legitimate businesses and agencies are succeeding in cheating people out of their money, according to Juho Jauhiainen, Information Security Specialist at Traficom’s National Cyber Security Center.
Claiming to represent trusted firms like national courier company Posti, Microsoft and – more recently – the tax administration, scammers are increasingly successful.
In recent days, the criminals have carried out a new scam under the guise of the Finnish tax authorities. Victims of the scheme receive a message that a tax refund is waiting for them – and all they have to do is click on a link to collect it.
However, this link is unrelated to the tax office and instead prompts victims to disclose their personal identification numbers and credit card information, Jauhiainen explained.
One of these messages seen by Yle displayed the logo and colors of the tax administration. However, the Finnish text was rather awkward and probably a machine translation.
They are not really from Microsoft
Meanwhile, the Microsoft IT support scam has hit targets in Finland since last year.
Some 50 criminal complaints have been lodged with the Helsinki police this year, according to the head of the city’s cybercrime unit, Jukkapekka Risu.
In this scam, potential victims receive phone calls from scammers speaking broken English, falsely claiming to be from Microsoft technical support and asking for permission to remotely connect to target computers. Once this hurdle is cleared, the crooks then attempt to prey on the victims’ money, Risu explained.
“Using remote access software, at some point the scammer will darken the device screen and then erase their accounts. It often takes a while to go through everything; savings accounts and the like, as well as credit cards,” he said, adding that a victim lost 85,000 to such a scam earlier this year.
However, in this case, those assets were successfully recovered, Risu noted.
Phone numbers used by scammers are generated automatically, so even people with unlisted numbers can be targeted, he said.
Last year, the Capital Police Department received about 1,000 complaints related to the Microsoft scam, according to National Bureau of Investigation (NBI) Crime Commissioner Juha Tompuri.
Millions in damages
In total, the criminals behind the Microsoft scheme have so far defrauded victims in Finland of around €2.8 million, with around 200 such incidents recorded across the country this year, Tompuri said, noting that he preferred the terms “fraudsters and criminals” rather than “crooks” when talking about perpetrators.
Already in less than two months this year, the Microsoft scam has cost victims more than a million euros, Tompuri noted.
“This is an activity organized by professionals,” he said.
However, he acknowledged that it is difficult to fight cyber fraud, as criminals regularly change the way they operate and work internationally, which poses challenges to traditional police work at the local level.
According to Jauhiainen of the Cyber Security Center, fraudsters often use SMS text messages. In one such scheme, victims receive a message that appears to be from Posti saying that a package is on its way. If the included web link is followed, a fake website tries to siphon off personal information such as Apple ID data.
Then the scammers try to trick victims into accepting billing permissions that will later appear on their phone bills, Jauhiainen said. In some cases, malware is installed on victims’ Android smartphones.
How to protect yourself
Jauhiainen stressed that people should be careful about disclosing personal information, and should be suspicious when they are contacted by authorities like the tax office.
“The tax authorities never send links to people indicating where they can get their tax refunds. The tax service only deals with these issues through its [secure] website,” he explained.
Authorities in general, he added, do not relay sensitive detailed information to individuals through email or web links.
The tax administration itself warns on its website that it never requests personal data such as credit card or bank account details from its customers.
First contact the bank, then the police
Helsinki Police’s Risu said people who learn they’ve been duped should contact their bank first, then the police – specifically in that order.
The bank will be able to see where the siphoned funds have gone and, if the transfer is caught quickly enough, the money can be recovered, he explained, noting that around half of cybercrime victims are able to recover their money.
Risu said if crooks call saying they are from IT support, people should just hang up the phone.
NBI’s Tompuri said there are a few rules of thumb to avoid becoming a victim of cybercrime.
“Don’t click on links, download programs you don’t know or share your information, or at least think twice before you do it,” he said.
“If I receive an email from a company, like my bank or Posti, I never click on the links in the message, but instead go to the company’s official website,” Tompuri said.
Jauhiainen agreed with this strategy, saying people should carefully type website addresses into web browsers themselves, rather than relying on potentially questionable links.
Cybercriminals are increasingly creative in their efforts.
Recently, scammers have tried to trick people with gift card offers from companies like Tokmanni, Prisma, Elisa, Finnair, and HBO Nordic. They even used the coronavirus crisis as a way to defraud victims, according to the Cyber Security Center.
“Scammers are inventive. In practice, they can come up with anything,” Risu said.