Phishing attacks using the My Kanta Pages name continue to target users’ online banking codes and personal information
Online messages and websites pretending to be associated with the My Kanta Pages still continue to appear, seeking to redirect users to fake websites. There have also been attempts made in Kela’s name to get at users’ online banking codes and personal information. To log in securely to the My Kanta Pages, users should go to www.kanta.fi. The OmaKela e-service is available at www.kela.fi.
Towards the end of 2021, Kela reported a number of scams using the names of Kela and the My Kanta Pages, which targeted users’ personal information and online banking credentials. When the victim enters his or her online banking credentials on a fake website, the criminals gain access to the victim’s online bank and can steal money from the victim’s account. Links redirecting users to fake websites have been posted on social media and search engines. Some users have received an email containing a link to a phishing site. Reports of phishing attacks have continued to come in 2022.
According to Jouni Ihanus, who heads Kela’s security operations centre, new scams appear constantly, and the ways they are perpetrated continue to evolve as well. It is not enough to be on the lookout for suspicious messages. Users should also make it a habit to log in through each organisation’s official website only.
Ihanus says that the websites set up by criminals can look much like the official websites maintained by Kela, the Kanta Services or other government organisations. Increasingly, the scam websites and messages are written in fluent Finnish.
Ihanus says that users should make sure that they are logging into a legitimate service.
He advises anyone who has fallen victim to a scam to report it to the National Cyber Security Centre and to the organisation whose name was used in the scam. That way they can help to stop other users from being tricked by the same scam.
Log in securely to OmaKela and the My Kanta Pages
To log in securely to the My Kanta Pages, go to www.kanta.fi. To log in securely to the OmaKela e-service, go to www.kela.fi. User should never log into either service via a link contained in an email or text message or listed in search results. Also, there is no mobile app for either OmaKela or the My Kanta Pages.
For security reasons, sensitive information such as personal identity codes should never be sent by email. Kela or the Kanta Services will never contact users by email or text message to ask for their information.
Tips for logging in securely are available at kela.fi and kanta.fi.
What to do if you are targeted by a phishing attack
If you have landed on a suspicious site or received a message asking you to log in, do as follows:
- Do not reply or enter the information required from you.
- Do not click on any links in the message or on the site.
- If you suspect unauthorised access to your personal banking codes, immediately contact your bank and file a criminal complaint with the police.
- If the suspicious site you encountered pretended to represent Kela or the My Kanta Pages, report it to Kela.
- Make a report to the National Cyber Security Centre.
- Warn your friends and family of the scam.
- Also have a look at the tietovuotoapu.fi website.