Finnish Police participated in taking down a Phishing-as-a-Service site

Publication date 18.4.2024 11.13
News item
Template splash page.

The Finnish Police participated in an international crime prevention operation taking down LabHost, an online service specialised in phishing banking credentials and credit card details. Hosting service providers and dozens of customers of the service were arrested across Europe. The operation was led by the UK London Metropolitan Police in cooperation with Europol. A total of 19 countries took part in the operation.

The international operation was carried out between 15 and 17 April. During the operation, the authorities of the participating countries made arrests, conducted searches of premises and took control of the servers used by the suspects. 

– Finland was actively involved in the operation, and we had already made a number of arrests earlier. Three persons are suspected of frauds in Finland. Two of them operated in Ireland and one in Finland. A number of persons are also suspected of money laundering in both countries, says the tactical leader of the operation, Detective Superintendent Henry Rinteelä of the National Bureau of Investigation (NBI).

The NBI believes that the two Irish suspects were customers of the LabHost service. It is suspected that they sent hundreds of thousands of phishing messages to Finland in the name of Finnish companies, such as Posti and Osuuspankki, and that they then exploited the service’s features to carry out the actual phishing attack. In a phishing attack, the victim is tricked into giving, for example, their bank credentials to criminals, who then gain access to the victim's funds.

– Criminals exploited the service to carry out a vast number of attacks in different countries, with victims losing significant amounts of money. The service offered so-called turnkey phishing kits, which means that it enabled smooth conduct of real-time phishing attacks without hardly any advanced technical expertise, says Detective Sergeant Juha Jääskelä of the NBI, who was a member the operation's leadership at Europol.

You can read Europol's press release on the subject at the following link: International investigation disrupts phishing-as-a-service platform LabHost | Europol (

Around 300 victims are known to have lost money

The police have filed around 340 reports related to Phishing-as-a-Service attacks in Finland. In some 50 cases, the victims did not lose any money, whereas the biggest loss reported was around 90,000 euros. One victim typically lost a few thousand euros in the fraud, but the total amount of the money lost exceeds 1.9 million euros. This amount may still rise as the criminal investigation goes on.

Hundreds of phishing messages were sent to Finland within a year since autumn 2022. Criminals managed to have access to banking credentials in 2,000 cases. Nearly 300 victims lost money and reported the attacks to the police.

– The victims were of different ages and, geographically speaking, criminal reports were made to all police departments. In addition to our own criminal investigation concerning, among others, the incidents in Ireland, the NBI has carried responsibility for international exchange of information during the operation, and coordinated and supported the criminal investigations conducted by the local police departments. Cooperation at national and international level works quite well, says tactical leader Henry Rinteelä.

For example, at the Eastern Finland Police Department, around 40 criminal reports were filed relating to the operation. 

– The successful outcome of an international operation is important from the point of view of our police department. People contacted us after they had been defrauded. At worst, they may have lost their savings in an instant. They may be suffering a serious shock, and in fact, we often refer them to Victim Support Finland for support, explains Detective Sergeant Mikko Sorjonen of the Eastern Finland Police Department.

Scams are increasingly professional

Various kinds of phishing attacks, and cyber-enabled fraud in general, have shown a significant increase in recent years. The police estimate that Finnish people lose tens of millions of euros each year to criminals through various types of cyber-enabled fraud.

A current challenge for both the police and the general public is that the activities of criminals have become increasingly professional. It is more and more difficult to distinguish between phishing messages and genuine messages. 

– In this particular case, the Finnish language used in the phishing messages was very good, and the messages seemed to come from a genuine service provider. Practically anyone can fall for a scam, especially if you read messages in a hurry or if the subject matter is somehow topical for you. For example, a message about the arrival of a postal package may seem very reasonable if you have recently ordered something online, says Rinteelä.

However, the police in Finland are currently well prepared and skilled to detect, prevent and investigate this type of cybercrime.

How to protect yourself from a Phishing-as-a-Service attack

1) Do not use your banking credentials or card details through a link in a text message or email. Read carefully what you are about to verify with your credentials.
2) Banks, police or any other legitimate actors will not call you for your bank credentials or request that you transfer your funds to a 'safe' account.
3) When moving funds - do it in peace and with no hurry. Be extra careful if the transfer involves cryptocurrency or someone you have never met in person. Letters ”FI” at the beginning of an account number stand for Finland.
4) If you become a victim of fraud, contact your bank immediately to report the incident. After that, report the matter to the police.

News Offences and criminal investigation The National Bureau of Investigation