Apple ID and tax refund phishing scams are designed to steal credit card and banking details

FICORA has received reports of phishing emails sent to Finnish Apple users urging them to verify their Apple ID which has been changed. Victims are directed to a legitimate-looking phishing website where they are asked to enter their credit card details and online banking access codes. There is also another active phishing campaign that promises tax refunds in exchange for credit card and banking details.

Update 25.11.2016: A phishing campaign is also targeting Finnish internet banking customers. Users have received fraudulent messages that urge the user to update their security settings. The messages are in Finnish. The link in the messages directs the user to a phishing page. For more information on this campaign please see the corresponding Information Security Now! article. (in Finnish).

Update 14.11.2016: Phishing emails requesting credit card details have also been sent in the name of the Finnish Tax Administration. Users have received messages claiming that they will receive tax refund of EUR 244.79 once they enter their details on the Tax Administration's website. Further information: Information security now! Phishing campaign in the name of the Finnish Tax Administration (10 November 2016) (in Finnish)

The NCSC-FI at FICORA has received reports of a very sophisticated phishing campaign targeted at Finnish users. Messages written in correct Finnish claim that the user's Apple ID has been changed, and urge the user to verify the ID by clicking the link on the email.

An example phishing email

The phishing website looks legitimate and uses SSL/TSL encryption. The browser's address bar reveals the website to be a scam. The scam website requests the victim to enter a credit card number and CVV code to verify the ID. The NCSC-FI has been reported of Finnish victims.

Phishing website claims that the user's Apple ID has been disabled for security reasons. The confirmation process is a phishing technique for credit card details.

Target group of the alert

All users of online services

Possible solutions and restrictive measures

  • It is recommended never to open phishing messages or any links they contain.
  • If you have entered your Apple ID on the scam website, change it immediately.
  • If you have entered your credit card details on the scam website, contact the credit card issuer immediately (e.g. the bank).
  • If you have entered your online banking codes on the scan website, contact your bank immediateley.

Further information

Update history

Key words: Information security , Cybercrime , Hoax , NCSC-FI , Phishing , Alerts

LinkedIn Print


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313


Media contacts by telephone +358 295 390 248