If you suspect you have been scammed, contact your bank immediately to find out whether it is still possible to cancel an unlawful transaction. It is also important for you to ask that the means of payment be blocked immediately if you suspect that it has fallen into the wrong hands. In addition, if you suspect that your banking credentials or payment card information has fallen into the wrong hands, please contact your bank immediately. (Read more in the section “What should I do if I suspect I have been scammed?”)

When using financial services, there is always a risk of abuse. It is important to be aware of the possibility of scams and to be vigilant about any contacts you receive, for example via telephone, email or social media. A bank, the police or other public authority will never ask for your payment card information or banking credentials via telephone, email or social media.

There are different types of scams. The most common scam is phishing for information, such as online banking credentials. Other typical scams include, for example, investment scams, document scams and romance scams. Moreover, additional ways to scam are constantly being devised.

Through our website, you can check whether a service provider is authorised or is on the FIN-FSA’s warning lists. You can view authorisations and warnings in the registers section of the FIN-FSA’s website.

Characteristics of a scam

  • If something seems too good to be true, it rarely is true.
  • The contact comes unexpectedly and from a previously unknown party or service provider. A scam may also be carried out in the name of a familiar service provider, pretending to be the service provider.
  • You are asked to respond quickly to the contact, and the possible offer is only valid for a short period of time. A decision must be made immediately or the offer becomes void.
  • The contact or offer is available to a small number of people or only to you.
    • The contact may be untidy and unclear in appearance and language, or written in poor English. Nowadays, scams may also be cleverly crafted, and you may not immediately recognise that it is a scam from the appearance of the contact.
  • The party making the investment offer is not authorised.
  • The investment offered is complex or difficult to understand.

Users of services also bear responsibility

Banks are responsible for the security of the services they offer online, but the FIN-FSA reminds consumers of their own responsibility and of the security practices worth keeping in mind when making online and mobile payments.

When using online services, customers should be suspicious and also remember that banks or authorities will never ask for their bank credentials or payment card information by phone, email or text message. Customers should also be careful about clicking links. Bank credentials should never be used to log in to services via links in messages. Links even in genuine-looking messages may lead to a fake website and online banking credentials falling into the hands of criminals.

The risk of online banking credentials falling into the wrong hands can be reduced by using, for example, other strong identification tools, such as a mobile or citizen certificate, when identifying yourself to official services.

A so-called digital identity wallet application for mobile phones is currently being developed in the EU. In the future, it will be possible to use it for digital authentication of identity when logging into both public and private online services throughout the EU.

FIN-FSA has no role in individual fraud situations

The FIN-FSA does not address or resolve division of responsibility for losses arising between a customer and a bank in individual fraud situations. We advise you to contact your bank in the first instance and, if necessary, make a written complaint.

You can, however, send us notifications about the problems you encounter if a supervised entity of the FIN-FSA is involved and there is suspicion that the company is not adhering to a satisfactory code of conduct in its operations. At our discretion, we will take the matters raised in notifications into account in our supervisory activities.

We also monitor on a general level that banks and other entities we supervise comply with the security requirements set for online banking services and payments.

The section “Problems with a service provider” on our website has more detailed guidelines on how to act in problem situations with the service providers under our supervision.

What should I do if I suspect I have been scammed?

Open all elements Close all elements
1. Contact the blocking service and your bank immediately

Contact the blocking service and your bank immediately if you suspect that you have forwarded your online banking credentials or payment card information into the wrong hands, if you notice suspicious payment transactions in your account, or if you suspect that you have been fraudulently tricked into paying money. In this way, further losses may be prevented and payments possibly cancelled.

If necessary, make a written complaint to the bank. You have the right to receive, on your request, a written response to your complaint within a reasonable period of time.

2. Make a report of an offence

If you notice that you have been scammed, you should make a report on an offence to the police. Bringing scams to the attention of the police is also useful in fraud prevention work.

3. Beware of follow-up scams and dishonest helpers

Victims of scams often receive a contact shortly after the scam is revealed, promising to help them recover the money they have lost. The contact may be, for example, a telephone call, email or letter. The contact person may present themselves as, for example, a representative of a public authority, bank or law firm. Typically, the assistance offered requires an advance payment or identification with banking credentials, which can result in a new scam and further loss of funds.

Typical scams

Open all elements Close all elements
Phishing of banking information

Information phishing is all unauthorised acquisition of financially exploitable information. Such information that criminals may seek to acquire includes online banking credentials, credit card numbers, passwords and other personal and account information. Information phishing is the most typical form of scam.

Phishing typically takes place via email, text message, telephone call or social media. Banks, other financial service providers, public authorities or other relevant parties do not request such information by telephone or email.

Follow these guidelines to protect your information:

  • Do not give or share your personal or banking information over the telephone, by email or on social media.
  • Do not supply or confirm your personal information if you are not sure about the party requesting it.
  • Do not click on links you receive via text message, email or social media, or call a telephone number provided in a suspicious contact.
  • Do not use your online banking credentials or log in to your online banking at the request of someone else.
  • Do not enter your online banking credentials or log in to your online banking via a link you received in a suspicious contact.
  • Always log in to online banking through your own bank’s website. Do not use search engines to find your bank’s online banking.
  • Do not allow anyone to remotely connect to your device if you are not absolutely sure of the party in question.
Investment scams

An investment scam may be an attractive investment offer involving, for example, currency (forex trading), cryptocurrency or derivatives (for example, options) and which promises better than average returns for the investment in question. An interesting investment object or offer may be encountered, for example, on the internet or social media.

After an investment has been made, the provider may present the investor with a promising yield curve, and thereby entice the investor into making further investments. Problems are often encountered when the investor wants to sell their investment and cash out. The service provider may then disappear and stop responding to contacts. Alternatively, the investor may be requested to make an unexpected payment or other transfer before they can obtain the money back. Unexpected payment demands should be treated with caution. Transfers of money to the service provider should be stopped immediately when it is suspected a scam has taken place.

Before making an investment decision, it is worth considering why this particular service provider could offer a better return on investment than, for example, established and well-known service providers. It is also worth considering whether you understand what the investment involves. Be wary of favourable recommendations from previous customers on social media and/or the company’s website – they are likely to be fictitious. It is advisable to search extensively for information about the company from different sources.

Check the service provider’s authorisation

Investment services can be provided in Finland by companies authorised by the FIN-FSA or by companies authorised in another EEA country that have notified the FIN-FSA that they will provide their services in Finland.

Before making an investment decision, it is always worth checking on the FIN-FSA’s website whether the service provider is authorised in Finland or has notified the FIN-FSA of its intention to start providing services in Finland. It is also worth checking the warning lists on the FIN-FSA’s website.

Authorised service providers and the FIN-FSA’s warning lists can be found in the registers section of our website,

If possible, also check to exclude the possibility that a clone of a trusted operator is involved. Here are some ways to help with this:

  • Don’t click on the links you receive on social media or via email; go to the service provider’s website via the official web address of the authorised service provider.
  • Compare the contact information you receive with the contact information available from official sources. You can learn a lot by using online search engines, i.e. “googling”.
  • Check the FIN-FSA’s warning list to see if there is a warning about a fake website, i.e. a clone, of the company in question.

You can recognise an investment scam by, for example, the following characteristics:

  • The service provider has no authorisation or the authorisation certificate has been falsified.
  • The investment sounds too good to be true.
  • The investment offer comes via an unexpected contact, often from abroad and from a previously unknown party.
  • The investor is rushed and pressured into making an investment decision.
  • The investment offer is mysterious and exclusive, “just for you”, “limited edition”.
  • The investor is asked for more money on various pretexts.
  • The website does not have anyone’s contact information.
  • The language menu on the website has the Google Translate language menu, i.e. the website is, in practice, available in all possible languages.
  • The investment object is complex or difficult to understand.
Document scams

Document scam refers to a traditional scam letter type of scam, where an official-looking letter or message is sent to the victim via, for example, email or social media channels. Assistance is often requested for the transfer of inherited or other funds from one country to another.

To this end, the writer asks the recipient to get in touch and promises significant compensation for their assistance. Prior to the transfer of money, the recipient is often asked to supply personal details. It is often requested that the recipient pay a sum of money to the sender as a kind of guarantee that the remainder of the money can be paid. Such requests for payment may be based on, for example, receiving a certificate of origin for money, currency exchange, repatriating money, paying legal fees or obtaining a central bank certificate.

Open all elements Close all elements
More information on scams on the websites of other public authorities

More information about scams is also available from the services of other public authorities, for example at the following addresses:


See the EBA’s key security tips for consumers when choosing online or mobile banking services.