The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent text messages impersonating Posti Group, Finland’s main postal service. The messages claimed that packages addressed to the user had been sent to their nearest post office. The user was instructed to click a link in the message that would take them to a phishing site, where they were told to verify their identity by entering their banking details.
“The scheme involved getting victims to hand over their personal details and online banking information, which were then used to get instant loans,” Yle explains. “The loans were then immediately transferred to a bank account in Finland and withdrawn from ATMs in Estonia. Police say that different individuals were used to withdraw the funds and to pass them along to others in the criminal chain. Initial information suggests that banking information from customers of Nordea and OP banks was used to apply for the payday loans.”
The police said thirty victims fell for the scam and each lost an average of approximately 19,000 euros. Helsinki police detective Jukkapekka Risu said the scammers had planned the scheme precisely and exercised good OPSEC.
“The con was professionally executed,” the detective said. “In all of the cases, the website was available for just one weekend and many text messages were sent out then. Mules were used to withdraw the money the same weekend.”
Scammers are able to craft messages and phishing sites that are indistinguishable from legitimate communications. The best way to defend yourself against these techniques is knowing how scammers operate and what they’re after. New-school security awareness training can help your employees recognize social engineering tactics so they can avoid falling for these types of scams.
Yle has the story.