A new three-step scam targeting online banking credentials is on the rise, the national Cyber-Enabled Crime Investigation Unit warns.
Around 30 cases of the multi-phase scam were recorded between April and May, according to the unit, which operates under the Central Finland Police Department.
Police stated that in the scam's first step, victims get an automated call, often from a Croatian number (+385), claiming to be from their bank. The victim is informed of suspicious transfers from their account and asked to press a number if they didn’t make these transfers. The call is then connected to a supposed customer service agent.
In step two, the scammer tells the victim that someone logged into their online banking and transferred their money abroad. The fake customer service rep claims to have successfully cancelled one large transfer but says there are issues with cancelling a smaller one.
In the last step, the agent asks the victim to log in to a specific website using bank credentials so they can cancel the incorrect payment using a mobile authentication method. If the victim follows these instructions, the scammer gains access to their account.
According to police, cybercrimes using methods like phishing for online banking details are quickly increasing. New tactics for committing crimes are appearing continuously.
The police emphasised that people should never share their online banking credentials with anyone.