Finland’s National Cyber Security Centre warned that phishing messages are impersonating OmaKanta, Kanta, and Suomi.fi services to steal victims’ online banking credentials and personal identity data. The fraudulent messages have been distributed through SMS, email, and search-engine results, often using fluent Finnish, spoofed sender details, and fake websites made to resemble legitimate public-service portals such as kanta.fi. Some lures claim recipients must update their information before a deadline, report a technical problem in the Suomi.fi mobile application, or state that an account has been locked.
Authorities said the campaign has also included requests for victims to submit photos of identity documents such as passports, driver’s licenses, national ID cards, or residence permits. The Digital and Population Data Services Agency separately warned about scam traffic abusing the Suomi.fi brand, while officials stressed that these services do not request sensitive information by text message or email. People who clicked links or submitted banking details were urged to contact their bank immediately, file a police report, monitor accounts and bills for misuse, and notify the National Cyber Security Centre.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
The Digital and Population Data Services Agency also warned about several other scam messages circulating under the Suomi.fi brand. Authorities advised people not to reply, click links, or submit sensitive information, and told affected victims to contact their bank, file a police report, and notify the National Cyber Security Centre.
During the week covered by the June 2024 bulletin, Finland's National Cyber Security Centre reported numerous phishing messages sent in the names of OmaKanta and Suomi.fi to steal online banking credentials. The messages urged recipients to update information before a deadline or cited a technical issue in the Suomi.fi mobile app, directing them to convincing fake websites.
Finland's National Cyber Security Centre received reports of a phishing campaign using search engines, SMS, and email to impersonate Kanta and OmaKanta services and steal personal data. Some messages claimed accounts were locked and asked victims to submit identity document photos, while linked sites mimicked the legitimate kanta.fi service.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.