Posti is being used as a fake sender of phishing messages
There is an increasing number of different phishing messages circulating, and Posti is sometimes used as the fake sender. Some of the phishing messages are written in good Finnish and may look very convincing. The messages may even include Posti's logo, colors or other image material. Posti is cooperating with the police to combat these fake messages.
Most of the time, the phishing messages are either SMS or email messages. The contents of the phishing messages vary, but often they pretend to notify the recipient of the arrival of an item, a prize they have won or an unpaid delivery charge.
A fake SMS message may appear in the same message thread as authentic notices of arrival, as if it were sent by the same sender.
Some of the phishing messages sent in Posti's name relate to a sent or received parcel. The SMS asks the recipient to open a link and pay a fee of a few euros. The link directs the recipient to a fake website where they are asked to, for example, use their online banking credentials or Apple ID credentials for authentication purposes.
You should only download the OmaPosti app from the official application stores
Some phishing messages sent out under Posti's name try to imitate the OmaPosti application. The aim of these phishing messages is to obtain the recipient's iCloud login credentials or to install a harmful application on the recipient's device. These messages are part of a scam and have nothing to do with the real OmaPosti app. Do not click the link in these messages!
You should only download the OmaPosti app from the official application stores, like Google Play or the App Store. The publisher of the OmaPosti app is Posti Group Oyj. If you can't download the app to your mobile device, you can use it in your web browser. You can find the download links of the application stores on our OmaPosti introduction page or you can use the word omaposti to search for the app in the application store.
Some of the phishing messages look like an invitation to enter a competition or claim that you have won a prize. Do not click the link in these messages! The link is used to phish for your credit card details, login credentials or other important information. Please visit Posti’s official website or official social media accounts to make sure the competition is really organized by Posti.
Posti never asks for your Apple ID
Some phishing messages inform the recipient of a parcel delivery and ask the recipient to log in to a fake website with their Apple ID credentials for identification. This is a scam and the website is used to phish for your credentials. Posti never asks for your Apple ID. Do not click the link in these messages or enter your credentials!
Be careful when selling secondhand items on online marketplaces
Be careful when selling secondhand items on online marketplaces. People who have put up items for sale online have recently been approached on WhatsApp by scammers who claim to be interested in buying an item but are actually trying to get the seller’s banking credentials. The scammer tells the seller that they have transferred the money for the item to the seller’s bank account. When the seller informs the buyer that the money hasn’t arrived, the fake buyer sends the seller a link to a fake website, supposedly so that the seller can check that the money has been sent to them. Do not click the link or log in to the fake website with your banking credentials! For example, the Posti.shop website is a fake website.
According to the police instructions:
Do not open the link or provide your card details.
If you did give your card or online banking details, immediately contact your bank and then report the issue to the police.
Important general instructions regarding phishing messages concerning Posti
Do not open a phishing message. You should never give your personal, bank or user information unless you are absolutely certain the sender is reliable. Delete the message without opening it.
If you are suspicious about the authenticity of a notification received from Posti, you can verify it by checking it against the item ID in item tracking.
If you encounter a suspicious message, do not take any of the measures requested or required by the message, and do not respond to an email message.
Posti's authentic notices of arrival include the pickup location and its address, and they do not prompt the recipient to provide any additional information. When it comes to Cash on Delivery items, the notifications sent by Posti include a link to the COD payment. The COD must be paid before the item's recipient receives a locker code for the item.
You can track your parcels via the OmaPosti application or on our website at posti.fi.
You should only download the OmaPosti app from the official application stores, like Google Play or the App Store. The publisher of the OmaPosti app is Posti Group Oyj. If you can't download the app to your mobile device, you can use it in your web browser. If you don’t have an application store on your device, you can use the browser to access OmaPosti. You can find the download links of the application stores on our OmaPosti introduction page or you can use the word omaposti to search for the app in the application store.
The police ask all those who have received a phishing message and used their credentials on a fake website to immediately contact their bank and then report it to the police.
More information on phishing messages
Scammers usually send out phishing messages using the name of a recognized company as the sender. For further information regarding online scams or to get help with identifying phishing messages, see the websites below.