Finns have lost millions of Euros in banking frauds - Distinguishing fake websites from genuine ones may be difficult

Publication date 23.6.2021 9.00 | Published in English on 23.6.2021 at 12.03
News item

The police warn about a trending criminal phenomenon in which criminals are phishing for online banking details on fake websites imitating genuine banking websites. For the customer, it is safest to use the bank’s own mobile apps or bookmarked pages. If you think that criminals have gotten your online banking details, it is of utmost importance that you contact your bank immediately.

Screenshot of sites and addresses of fake websites and genuine online banks. The image has circled points in the address bar where the fake site can be identified. The first image shows how the first search result of a search engine when searching with the word Aktia takes you to a fake site with the address aktia-fi.com. The second picture shows the correct POP Bank address, which is www4.poppankki.fi, and the address of the fake page, which is 4-poppankki-fi.com. The third picture shows the correct Osuuspankki address, which is op.fi, and the fake page address, which is ardacompany.com.

Photo: Frauds are targeted to many banks. Web addresses of fake and genuine banking websites are shown in the screen capture. Texts squared in red show the parts based on which the website can be identified as fake. In other respects, fake websites are most often identical to genuine websites in visual appearance.

Fake banking websites are most often accessed either through malicious links within text messages or emails that were seemingly sent by a bank or search results produced by a search engine. The links are designed by criminals, and once the link is clicked, the customer is then asked to log into their own online bank. When the customer types the bank's name on a search engine, such as Google or Bing, the fake website may appear higher in the results than the genuine banking site. 

Future victims of fraud assume that they are logging into their online bank, but they actually give away their details on a website maintained by criminals. Criminals then use the details to access the victim's online bank, whereas the victims receive a request for verification of the logins. As the victims verify the login, the criminals gain access to the online bank. 

– Phishing websites are cleverly designed, and it is not always easy to detect them as fake. It may even be impossible to distinguish a fake site from a genuine one. The first victims of fraud were senior citizens, but criminals develop more and more sophisticated modi operandi, and now people of all ages have become victims. If you type your bank's name on a search engine, the results may not include the genuine webpage at all, but the search engine returns the phishing site on the highest place in the results instead. Authorities and the private sector strive to detect and remove fake sites from search results and on the internet, but new fake sites keep being created and the name of the bank may change, says Detective Chief Inspector Petteri Laitila of the National Bureau of Investigation. 

It is safest to use bank mobile apps or genuine pages that have been bookmarked. When you type your bank's website address in full in the address field of the browser, you will be taken to the genuine site. Using search engines and clicking links for accessing banking websites sites should be avoided. 

The police have received more than 360 reports of banking frauds this year. Criminal damages in these cases amount close to five million euros. Approximately 50 % of the crimes were committed during the past three weeks.

Keep the following in mind:

  • When accessing your banking website, do not click links within unsolicited text messages or emails or the search results returned by search engines.
  • Bookmark your banking website or add it to Favourites.
  • The safest way is to use your bank's mobile app.
  • Share information about the phenomenon with your family and friends.

When you believe that criminals have got your online banking details or detect unsolicited incoming or outgoing payments on your account, it is extremely important that you contact your bank straightaway and then report the crime to the police.

Banking fraud is part of a wider phenomenon

The police have received more than 900 reports of various kinds of cyber frauds. The damage caused by the offences exceeds 13.5 million euros.

–  There are several types of cyber crime. Criminals are continuously developing new ways to commit frauds on the Internet. In addition to banks, criminals also try to imitate websites of well-known companies, says Laitila.

What you can do to protect yourself from cyber fraud:

  • Do not click the link and divulge your card details or your online banking credentials.
  • Do not divulge your personal details.
  • Do not download software sent or prompted by an unsolicited sender, such as software allowing remote access.
  • As a rule, unexpected telephone calls from technical support services are scams. Scammers are most often claiming to represent Microsoft.