“Itella” and “Posti” used as fake senders in illegal phishing messages asking for online banking details

Criminals are trying to find out online bank account details by using illegal phishing messages. Previously, these types of messages have been sent using the names of different authorities. Now there are messages circulating that identify Itella or Posti as the sender. Do not react to these messages! Delete these messages without opening them.

Itella or Posti do not send their customers e-mails or text messages asking for account numbers or directing the reader to bank websites for identification. The phishing website that opens from the link resembles the Tupas identification service used by banks.

Instructions for customers:

  • Do not open suspicious messages or links
  • Never hand over your online bank user ID or password to anyone
  • If you have used your online bank details in connection with such a message, contact your bank immediately and tell them what has happened.
  • Identification using online banking credentials is in use in certain Itella and Posti services, but these services direct customers to the identification only from the service in question, never by e-mail.
  • The address of a secure login page (SSL secured) begins with “https” and usually displays a lock icon in the browser.
  • If you wish, you may report the phishing message (if the link in the e-mail leads to a site with a strange address that looks like an online bank site) to the National Cyber Security Centre of the Finnish Communications Regulatory Authority by forwarding the e-mail to cert@viestintavirasto.fi.

Example of a phishing message (Do not react to this kind of message!):