Police warn of phishing scam which uses alarming phone text message

The reported phishing scam makes use of the SMART ID authentication method. Source: ERR

Authorities have issued a warning after scammers conned the public out of around €200,000 in the past six months. The scam involves a fake bank account link, sent via a text message phrased so as to alarm its recipient.

Hannes Kelt, Head of the Central Criminal Police Cyber and Economic Crimes Unit, said: "The content of these messages can be very disturbing, and as a rule is stress-inducing, and aimed at disturbing the recipient's critical thinking."

One typical message read: "Suspicious transactions have been taking place with your account. To halt them, please immediately log in from this link. We ask you to update your internet banking security, and to do so, log in here," where "here" takes the victim to a fake link which resembles a legitimate bank site.

Priit Rum, spokesperson for Estonian-founded bank LHV, said that in January 2022 the bank found close to 10 phishing sites imitating his bank's site, while by December there were around 70 of these.

Hannes Kelt said the PPA was notified of phishing scams via phone or text message nearly 300 times last year, with total damage caused by criminals stretching to €1.2 million; so far this year, 36 cases have been identified, with losses, as noted, of over €200,000.

"This is according to PPA data. The likely actual number of victims would certainly be significantly higher, perhaps two times or more higher," Kelt went on.

Kelt also noted that sending warning text messages of this kind is not how banks deal with actual security-related issues; should a recipient be concerned about the authenticity of the message, they should log into their internet banking themselves, via the official link, to check.

Any genuine warning would be issued on the bank's site.

Customers should also call their bank, to ascertain what is going on – though, Kelt stressed, this should be done via the phone number provided on the bank's official website and not the number associated with the text message sent by the crooks.

"Bank employees can then give precise advice on whether or not anything concerning has transpired," Kelt added.

Members of the public may also receive phishing messages from banks which they are not customers of, though the same rationale in dealing with the scam applies.

Another tell-tale sign of a phishing scam is when, after the victim clicks on the fake link in the text message, the fake site asks for the victim's SMART ID PIN 1 code, Kelt noted.

Normally, logging in to a legitimate bank link in this way requires the SMART ID app itself (pictured), rather than a request from a site for the details.

Once the victim has given the scam site the PIN 1, the site waits for some time, giving the impression that a page is loading, and then requests the PIN 2 from the victim's SMART ID.

In reality, while this time is elapsing, the crook is logging into the user's account using this information, Kelt said.

Always contact your bank via its official channels if you receive any such phishing text message, email etc.



Editor: Andrew Whyte, Mait Ots
