Watch out for scams posing as the Kanta Services and My Kanta Pages!

At present there is an unusual number of scam messages in circulation claiming to be from the Kanta Services and trying to access people’s personal data. Typically, a scam message may ask you to send your personal data or documents to an address given in the message. Information collected through these kinds of message is likely to end up in the hands of criminals.

You may come across scams in email messages, on social media or search engines such as Google or Bing. Criminals may also try to contact you with text messages, phone calls or WhatsApp messages. The content and appearance of scam and phishing messages vary a great deal, but it is important to remember that the Kanta Services never ask you to give personal data by email or text message.

“In order to ensure your own security online, it is important to never send sensitive information, such as a personal identity number, by text message or email,” says Jouni Ihanus, Head of Kela’s Technical Situation Awareness Centre.

Always log in to the My Kanta Pages via the kanta.fi website.

In addition to personal data, phishing messages may try to get hold of your online banking codes. The message may ask you to open attachments or to log in to the My Kanta Pages via a link in the message. When the victim enters his or her online banking codes on a fake website, the criminals gain access to the victim’s online bank and can steal money from the victim’s account.

Never log into the My Kanta Pages via a link contained in an email or text message or listed in search results. The only way to be sure that you are securely logged into the service is to log in directly from the website kanta.fi.

“New scams appear constantly, so it is not enough to just be on the lookout for suspicious messages. It is important to make it a habit to log in to the services you use only through each organisation’s official website,” Jouni Ihanus advises.

Ihanus also points out that the websites set up by criminals can look very similar to the official websites maintained by Kela, the Kanta Services or other government organisations. These days, scam websites and messages can be written in fluent Finnish.

If you suspect that you have been a victim of a scam, you should also inform the National Cyber Security Centre Finland and the organisation in whose name the phishing messages were sent.

“Even if you can’t change what happened to you, you can help prevent others from being deceived by the same scam if you report it and warn other people,” Ihanus points out.

What to do if you are targeted by a phishing attack

If you have landed on a suspicious site or received a message asking you for personal data or to log in somewhere, do the following:

• Do not reply to the message or enter any information on the website.
• Do not click on any links in the message or on the site and do not forward any information.
• If the suspicious site or message you encountered claimed to represent Kela or the My Kanta Pages, report it to Kela.
• If you suspect unauthorised access to your online banking codes, immediately contact your bank and then file a criminal complaint with the police.
• If you suspect that your personal data has been leaked, please refer to the instructions on the website Suomi.fi (suomi.fi)
• Report the incident to the National Cyber Security Centre Finland (kyberturvallisuuskeskus.fi)
• Also visit the data breach support website (tietovuotoapu.fi)
• Warn your friends and family of the scam.

Read more

The kanta.fi and kela.fi websites offer instructions on how to log in safely to online services:

• How to use the My Kanta Pages safely (in Finnish)
• Secure online services in OmaKela (kela.fi)

How to protect yourself against online scams (kyberturvallisuuskeskus.fi)

Checklist – My personal data has been stolen or leaked (suomi.fi)