Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

helsinki phishing scamThe Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent text messages impersonating Posti Group, Finland’s main postal service. The messages claimed that packages addressed to the user had been sent to their nearest post office. The user was instructed to click a link in the message that would take them to a phishing site, where they were told to verify their identity by entering their banking details.

“The scheme involved getting victims to hand over their personal details and online banking information, which were then used to get instant loans,” Yle explains. “The loans were then immediately transferred to a bank account in Finland and withdrawn from ATMs in Estonia. Police say that different individuals were used to withdraw the funds and to pass them along to others in the criminal chain. Initial information suggests that banking information from customers of Nordea and OP banks was used to apply for the payday loans.”

The police said thirty victims fell for the scam and each lost an average of approximately 19,000 euros. Helsinki police detective Jukkapekka Risu said the scammers had planned the scheme precisely and exercised good OPSEC.

“The con was professionally executed,” the detective said. “In all of the cases, the website was available for just one weekend and many text messages were sent out then. Mules were used to withdraw the money the same weekend.”

Scammers are able to craft messages and phishing sites that are indistinguishable from legitimate communications. The best way to defend yourself against these techniques is knowing how scammers operate and what they’re after. New-school security awareness training can help your employees recognize social engineering tactics so they can avoid falling for these types of scams.

Yle has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews