A few notes on scam messages

Fraudulent messages (phishing messages) often have a credible appearance. However, the message can actually be quite harmful. The sender's scheme is to have the recipient do something useful for the sender, which for you, the recipient, is not useful at all: the message prompts you to click on its links or attachments or to provide some personal information such as credit card numbers, etc.

At the same time, the sender's e-mail address often looks reliable. The fraudsters know how to modify a "from" address to make it look less suspicious. Accordingly, the message looks like it came from a telephone operator, from an e-mail service provider, from a delivery service, a webstore or a grocery store. Messages sometimes masquerade as coming from your bank or from a public authority.

Fraudulent messages are in circulation by e-mail or as messages in social media, as text messages, and as instant messages. Some messages may promise that you receive a prize. Others tell you to pick up a package of goods. A standard scheme is urgency: the recipient is prompted to act quickly.

We recommend that you just destroy such a message without opening it. If you open the message, we recommend that you take care not to click on any of the links and attachments on it. They may contain malware that contaminates your computer.

Some fraudsters have not hesitated to use the Finnish Tax Administration – Verohallinto – Skatteförvaltningen name as the "sender". For example, some message texts that are fraudulent have talked about a tax refund that could supposedly be paid to you.

If a scam message arrives in your Inbox

  • We recommend that you delete the message immediately. Do not click open any of the links.
  • If, by mistake, you disclose your credit card information, you must have the card cancelled. Either call your bank or contact the company that issued the card.
  • If, by mistake, you disclose your e-bank codes, call the service number specified by your bank and have the codes cancelled.

Contact the police to report the offence

If, by mistake, you disclosed your credit card information or e-bank security codes, it is possible that an act of fraud has already taken place. After contacting your bank, write up a crime report and submit it to the police. We also recommend that all attempts of fraud be reported to the police. More information is available on the website of the police: Petosrikokset - poliisi.fi

How to tell that an incoming message is an authentic message from the Tax Administration?

It is normal to receive automatic notices from the Tax Administration’s electronically provided services, for example, from MyTax. You may get them by e-mail and as text messages. However, no links are ever included in our notices and messages. 

  • In the same way, the Tax Administration never asks about taxpayers’ credit cards or about taxpayers’ e-bank user IDs and passwords. We would have no use for that information.
  • The Tax Administration never asks for your personal information, such as your ID code, bank account information, etc., by e-mail or text.
  • Similarly, the Tax Administration never sends e-mail that would contain a notice of assessment or any related tax information.
    • This means that if an e-mail arrives to you that appears to be a decision letter informing you of a tax refund, it must be a scam.
  • Another characteristic of a scam message is the presence of spelling and grammar mistakes. Sometimes, but not always, the messages have a messy appearance.

How to recognize an e-service of the Tax Administration?

All our e-services that display amounts of money, or involve taxpayers' input of values of money relating to taxes, are set up over a secure online connection.

  • In general, no access without login is possible to any of our e-services. Individual taxpayers can use their e-bank codes to log in to https://tunnistaminen.suomi.fi/. Other login options are the microchip identity card and the mobile certificate. Corporate and business taxpayers can log in with their electronic Suomi.fi authorisation.
  • Fraudulent sites have no secure login features and often they may ask you to enter your credit card number or PayPal password to sign in.
  • An indication of a secure connection is that you see the letters 'https' on the URL (address) line on the top of your browser window. Usually, you can also see a padlock symbol.

    The URL address line of the tax.fi website, from a Chrome browser session.

    The URL address line of the tax.fi website, from an Microsoft Edge session.

More information on the security of visitors to tax.fi