Watch out for this text message scam sent in OP’s name

Fraudsters try to send phishing text messages en masse, in which bank credentials are aimed at the same wrong hands.

Scam text messages sent in the OP’s name have increased significantly in the last four months. Anu Kivistö

Text message scams sent in the name of banks have become more common in the last four months with a huge volume.

In the example case that came to Iltalehti’s attention, the victim’s savings account was emptied in one click. The victim was asked for a bank transfer of 10,000 euros, which was only ready for confirmation.

The victim had received a message sent in the OP’s name, the link of which he had inadvertently opened. The link had taken him to a phishing address that looked like a bank’s website, where he had entered his own bank credentials.

It was only after the genuine confirmation message sent by the bank that he realized what was actually happening. The thieves missed the money thanks to the alarm bells at the last minute.

The victim will be sent a link in the name of the bank, which must not be clicked under any circumstances. EVENING PAPER

The genuine confirmation message about the payment sent by the OP saved the 10,000 euro account from being depleted. EVENING PAPER

– Here is an example of an alert customer reacting at a control point visible to the customer. In practice, the last safety net saved the situation here, OP’s head of abuse control Kim Siren visualize.

Sirén says that phishers have largely moved to SMS scams because it’s an effective way to reach large numbers of people. Text messages are often responded to faster than e-mails.

Because SMS spoofing is possible, genuine and scam messages can appear to come from the same sender.

We are trying to curb the problem together with telecom operators with technical solutions.

Shotgun shooting

Victims’ contact information can get into the hands of fraudsters, for example through information leaks or public number search services.

– They are sent en masse. Thousands or tens of thousands of messages can be sent to a targeted group of recipients practically for free.

For security, banks use the controls mentioned by Sirén, which in this case are confirmation messages for irregular payments.

With the help of bank IDs, criminals can see the balances of bank accounts, which can target fraud attempts to accounts with more money. However, Sirén reminds that criminals are fine with any money they can get, so even the smallest amounts of fraud have come to OP’s attention.

– I don’t think that there has been any targeted attack here. This is more like shooting with a shotgun.

– If you get into the online banking session, then you will find out if it was a bigger catch, so to speak.

More than 10 million for scammers

The financial industry reported last September how Finns lost a total of 10.8 million euros to scammers between January and June. Scammers received an estimated 2.6 million euros in fake police and phishing scams.

Sirén says that in the case of OP, the criminals’ payment companies turn over a million. Most of the time, however, it is possible to prevent the fraudsters from getting hold of the money once and for all.

However, 100% prevention cannot be done, as it would hinder today’s fast payment traffic too much. In money transactions between banks, the receiving bank can also use its monitoring to prevent the success of a fraudulent attempt.

– If the money has gone, there is always a small chance that the funds would be frozen, and the money would be returned to the rightful owner, says Sirén.