Scams Targeting Businesses

It is always a good idea to be attentive, regardless of what time of year it is. That said, professional scammers tend to operate to their own annual schedule, and staying alert during the vacation season is particularly important. It is therefore important to train substitutes thoroughly – and permanent employees should stay alert also during vacation seasons.

Scammers will launch their summer campaigns when companies are having their summer holidays, and routine operations are being run by summer employees. The summer is typically a busy time particularly when it comes to scams targeting company payment transfers. We encourage our corporate customers to be thorough when providing training to employees and summer employees regarding, for example, the payment confirmation process. We also encourage actively updating staff on any current scams.

Typical scams that target businesses are so-called CEO fraud, salary payment fraud and the phishing of employees’ MS Office credentials.

CEO Fraud

In CEO fraud, a scammer will approach their victims via email and pretend to be a company or association executive – such as the CEO. The aim of the scam is to convince the email’s recipient to make a credit transfer.

For example, the email may appear to be sent by the company’s CEO, when in reality, the sender's address has been forged or the email account has been hacked. Scammers’ messages are particularly targeted at accountants, fund managers and other persons in charge of payment transfers. 

The messages are short in an attempt to create the impression that the payment must be made without delay. The message can ask for account balance information, and it sometimes includes a fake invoice. The topic of the fake invoices can vary: in previous, known CEO fraud cases urgent payment requests have been made regarding a company’s IT services, computer services and website redesign services, office supplies and logistics. 

Salary Payment Fraud 

Salary payment fraud involves scammers sending an email impersonating a company’s employee to HR, for example. The message claims to include the employee’s new account number. The goal is to direct the employee’s salary to the scammers’ account.

These types of messages can also credibly appear to be sent by a company employee. In reality, however, the sender’s address is fraudulent or their email account has been hijacked.

Therefore, if your position involves processing information related to salary payments and an employee asks you via email to update their account number, remember to be careful:

  • Always check the sender’s e-mail address carefully.
  • Confirm the change directly with the employee through another message instead of replying to the email – for example, by phone. 
  • You should stayparticularly alert if an employee whose salary was previously paid into a Finnish bank account unexpectedly requests that their salary should be paid to an account number not starting with FI. Please keep in mind, however, that scammers also use Finnish bank accounts.

Office 365 Credential Phishing 

A message phishing for a user’s Office 365 credentials will usually appear to be sent by someone that the user knows. The message typically contains a link to a file or a website. When you click the link, you end up on a genuine-looking page where you are asked to log in using your Office 365 credentials. However, the page is not authentic, and if you enter your credentials on the page, they will end up in the possession of the fraudsters.

With the phished credentials and passwords, the scammer will be able to log into the employee’s Office 365 service and use it to their own ends:

  • They can read the employee’s emails, redirect incoming emails to their own address or change the email account’s other settings.
  • They can also gain access to the company’s invoicing information and edit invoices by e.g. adding their own account number.
  • They can download the company’s contact lists and use them to, e.g. send new phishing messages or to send fake invoices and payment information from the employee’s email address.  
  • They can open files in the employee’s OneDrive account and download them for their own use. They can also read Teams conversations, shared files and contact information.

Scammers can also sell phished credentials to others. The same credentials are in fact often used to login in several different countries, which are often located outside Europe. 

Tips for avoiding scammers

  • Agree on your company’s payment approval processes for different situations and review them on a regular basis.
  • Provide summer stand-ins with orientation and make sure that they are aware of potential phishing attempts.
  • Always take note of any updated account numbers. Confirm their validity and agree on a set of principles, along with a clear process for updating account numbers in different systems.
  • If you receive a suspicious message, confirm from the sender either by phone or face to face  whether or not they actually sent the message.
  • Report every scam or attempted scam to your own OP cooperative bank or to the corporate customers’ customer service at 0100 05151.
  • File a request for investigation with the police. 
  • Forward any phishing email messages you have received to tietoturvailmoitukset@op.fi This will allow us to keep track of any scams that are currently circulating and prepare for them on our end. We will also be able to warn our other clients about the scams.

More information on other website

You can find further information and practical advice on preventing accidents on the National Cyber Security Centre website. 

The Policy University College’s website provides a recent guide on how to report cybercrime to the police.