14 DAY TRIAL // A new outbreak of a phishing campaign has been spotted, the operators behind it seeking to steal banking credentials by sending unsuspecting users messages claiming to be from debt collectors.
The customers of the Aktia, Nordea, and Nooa Säästöpankki Finnish banks are targeted in this malicious campaign. They are informed via a fake email that they have an invoice that has not been paid and are strongly suggested to make the payment.
A link to a phishing website impersonating the bank's log-in page is provided for the potential victims to follow, where they can authenticate with the necessary credentials, which are automatically sent to the cybercriminals.
According to Helsinki Times, the campaign started last spring and its operators managed to make bank transfers estimated at around €500,000 / $670,000. The scammers rely not just on emails but on SMS messages, as well.
Detective Superintendent Jukkapekka Risu from Helsinki Police has said that lately it has been observed that the bank transfers have become more frequent and that at least €50,000 / $67,000 have been withdrawn.
The policeman also told the newspaper that most of the victims from the last month, 95%, were women. One reason, he alleges, might be the fact that women are more inclined to pay the bills or the debts.
The perpetrators are known to the authorities, and six of them have been sent to jail, but the head of the operation has not been caught yet. He was convicted in absentia for web fraud and managed to evade authorities. When caught, he faces additional charges, for 300 frauds and 30 computer hacking counts.
Some banks have already alerted their customers of the phishing scams and informed that they do not contact customers via email or phone to provide personal access codes.
Staying safe from phishing scams is not too complicated. Avast provides a simple list that should work in most cases.
First of all, users are advised not to follow the links, or open attachments in emails coming from suspicious or unknown senders. If the message is bank related, a good idea is to call the bank.
However, since scammers can sometimes include a phone number in the message, it is best to look for the real contact number of the bank.
Another good thing to remember is that banks never ask clients for names and least of all, credentials and ID numbers by email or text.