Finnish banking customers are facing a sophisticated new wave of phishing attacks, as demonstrated by a Kuopio man who recorded a convincing scam call. Mika Pöyliö documented a multi-stage fraud attempt that began with a fake tax email and culminated in a phone call from a fraudster impersonating an OP Bank customer service agent named 'Anni Salonen'. The scam follows a documented pattern where criminals first send spoofed messages from the Tax Administration and then follow up with bank impersonation calls.
The Bait: A Fake Tax Email
Mika Pöyliö's encounter began with an email purportedly from the Tax Administration, reminding him of a corporate tax debt. The message urged him to make a payment online. Pöyliö clicked the button leading to the payment page, which took him to what appeared to be the Tax Administration's website. The convincing page requested verification of payment details and offered the option to log in via online banking. It also asked for a name and phone number. While Pöyliö suspected a scam at this point, he filled out the form with fictitious information.
His compliance was rewarded the next day, a Friday morning, when his phone rang. The caller introduced herself as 'Anni Salonen from OP Bank'. This name is very close to that of a real customer service manager listed on OP's official website. This attention to detail is a hallmark of the current scam trend, designed to build immediate credibility with the target.
The Hook: 'Anni' from OP Bank
During the recorded call, 'Anni Salonen' informed Pöyliö that there had been numerous logins to his account from the Netherlands. Pöyliö played along, acting confused. The caller then offered a solution: to resolve the suspicious activity, Pöyliö would need to log into his mobile bank app for identification purposes. The fraudster's performance was notably calm and professional, not rushing or fumbling words, which increased the call's perceived legitimacy.
When Pöyliö directly asked for proof of the caller's identity, the response was carefully crafted. 'It's a bit difficult to verify where the call is coming from over the phone when calling from an unknown number, purely for security reasons,' the impersonator replied. The call only ended when Pöyliö stated he did not wish to give out his credentials over the phone and expressed his suspicion that it was a scam. The caller calmly replied, 'I fully understand,' noting it was his decision and that he could contact customer service himself.
The Playbook: How the Scam Works
This incident exemplifies the 'security account fraud' method described by Niko Saxholm, Director of Finance Finland (Finanssiala ry). In this scheme, the victim is pressured to urgently transfer their money to a purported 'security account' to protect it from alleged unauthorized access. The scammers use urgency and fear to cloud judgment. The initial email serves as a filter to identify potential victims, while the follow-up phone call applies the pressure needed to complete the theft.
The scale of this problem is significant. In the first half of 2025 alone, phishing scams stole 16.5 million euros from Finns. The professionalism of these operations marks an escalation. Fraudsters now use harvested details from data breaches or previous phishing lures to personalize their approach, making their fake narratives more believable. The use of a name similar to a real bank employee shows a disturbing level of research.
Expert Analysis: A Systemic Threat
Finance Finland's Niko Saxholm confirms that this two-pronged attack—fake official emails followed by bank impersonation calls—is a common current tactic. The industry group continuously warns that no legitimate bank or authority will ever call a customer to ask for login codes, passwords, or to instruct them to log into their online bank. The goal of the 'security account' scam is to get the victim to initiate a transaction themselves, which can complicate reimbursement claims.
The calm demeanor of the scammer in Pöyliö's case is a deliberate tactic. High-pressure tactics can backfire, a measured, helpful tone is more disarming. By stating the victim can always contact customer service themselves, the scammer creates a false sense of control and security. This psychological manipulation is designed to overcome the target's final reservations.
Protective Measures for Consumers
Vigilance is the primary defense. Citizens should be skeptical of unsolicited emails regarding payments or account issues, even if they appear to come from official sources. Never click links in such emails. Instead, log in directly through the official website or app. If you receive a suspicious call claiming to be from your bank, hang up and call back using the official customer service number found on your bank card or their verified website.
Mika Pöyliö's decision to record the interaction provides a valuable public service. Listening to the calm, methodical approach of the fraudster exposes the sophisticated social engineering at play. It underscores that these are not crude attempts but well-rehearsed operations targeting the inherent trust people have in financial institutions. The question remains: as these scams become more polished, how can public awareness outpace the criminals' evolving scripts?