Updated information, January 29, 2021: There is a new type of phishing message circulating that informs the recipient of a parcel delivery and the recipient is asked to use their Apple ID credentials to login to a website for identification. This is a scam and the website is used to phish for your credentials. Posti never asks for your Apple ID. Do not click the link of these messages or enter your credentials!
There is an increasing number of different phishing messages circulating, and Posti is sometimes used as the fake sender. The latest phishing messages are written in good Finnish and, largely, they look very convincing. The messages may even include Posti's logo. Posti is cooperating with the police to combat these fake messages.
Most of the time, the phishing messages are either SMS or email messages. The contents of the phishing messages vary, but often they pretend to notify the recipient of the arrival of an item, a prize they have won or an unpaid delivery charge. A fake SMS message may appear in the same message thread as authentic notices of arrival, as if it were sent by the same sender.
There are currently in circulation fake messages regarding a sent or received parcel and competitions
For example, the current phishing messages sent in Posti's name relate to a sent or received parcel. The SMS asks the recipient to open a link and pay a fee of a few euros. The link is used to phish for your credit card details.
Some of the phishing messages look like an invitation to enter a competition or claim that you have won a prize. Do not click the link of these messages! The link is used to phish for your credit card details, login credentials or other important information.
You should only download the OmaPosti app from the official application stores
There's a new kind of phishing message being sent out under Posti's name. The aim of these phishing messages is to get the receiver's iCloud login credentials or install a harmful application to the receiver's device. These messages are part of a scam and have nothing to do with the real OmaPosti app. Do not click the link of these messages!
You should only download the OmaPosti app from the official application stores, like Google Play or the App Store. The publisher of the OmaPosti app is Posti Group Oyj. If you can't download the app to your mobile device, you can use it in your web browser.
According to the police instructions:
Do not open the link and provide your card details.
If you did give your card or online banking details, immediately contact your bank and then report the issue to the police.
For more information, see the Police of Finland website:
Scammers usually send out phishing messages using the name of a recognized company as the sender
Important general instructions regarding phishing messages concerning Posti
You should not open a phishing message. You should never give your personal, bank or user information unless you are absolutely certain about the sender. Delete the message without opening it.
If you are suspicious about the authenticity of a notification received from Posti, you can verify it by checking it against the item ID in item tracking.
If you encounter a suspicious message, do not take any of the measures requested or required by the message, and do not respond to an email message.
Posti's authentic notices of arrival include the pickup location and its address, and they do not prompt the recipient to provide any additional information. When it comes to Cash on Delivery items, the notifications sent by Posti include a link to the COD payment. The COD must be paid before the item's recipient receives a locker code for the item.
You can track your parcels via the OmaPosti application or on our website at posti.fi.
You should only download the OmaPosti app from the official application stores, like Google Play or the App Store. The publisher of the OmaPosti app is Posti Group Oyj. If you can't download the app to your mobile device, you can use it in your web browser.
For further information regarding online scams or to get help with identifying phishing messages, see the websites below.
The Finnish Competition and Consumer Authority (FCCA):
Huijausinfo.fi (in Finnish)