Scam messages
Messages that appear to come from the Finnish Tax Administration are in circulation, often asking the recipient to reveal their e-bank identifiers or credit card information. Some messages may promise a tax refund, and others contain threats or demands referring to a tax you have not paid.
The Tax Administration does not ask for personal identification or financial information through unsolicited emails or other electronic communication. If you get an email or other scam message in your inbox, don’t open attachments or click on links.
When you handle your taxes, please remember:
- MyTax is always the recommended source of information concerning your taxes and payments.
- Always use the “vero.fi” web address when you log in to MyTax.
This means that you should avoid clicking on the links that a search engine website provides – instead, type our web address www.vero.fi in your browser’s address field yourself. Please re-check your typing to make sure the address is right. From www.vero.fi, you can move on to MyTax safely.
If you have activated Suomi.fi messages and receive messages from public authorities electronically, you will first receive a heads-up saying that a new decision or letter has arrived in MyTax. The heads-up from the Tax Administration is only an informative alert message. For this reason, it never contains any links.
Another type of message you may get is a text where the Tax Administration reminds you about an upcoming due date, deadline, etc. Text messages coming from the Tax Administration never contain links. The sender is always Vero, Skatt, VeroSkatt or Vero Skatt. Read more about our text messages.
Current information
In September–October, around 200,000 private customers of OP will receive an e-invoicing proposal from the Tax Administration in their mobile and e-banks. Read more about the e-invoicing proposal.
Example of a scam message about a tax refund
Example of a scam message that takes you to a scam MyTax page
Example of a Suomi.fi scam message
Example of a scam site in Google
Learn how to identify phishing attempts
Scams are making rounds in many forms of electronic communication including emails and text messages. Please note that the sender’s name or address may look reliable because fraudsters can modify them. As a result, you may get a scam message that appears to come from a telephone operator, from a courier company or from a public authority. They may even appear to come from the same sender that has sent you genuine text messages.
You should be on constant guard when any of your bank information, credit cards or other cards are involved. We recommend using mobile banking banks and mobile keys instead. For example, if you need to log in to an e-service other than your bank, the recommended login method is a mobile certificate on your smartphone’s SIM card. You can set the certificate’s PIN code yourself. The certificate offers access to MyTax as well. Read more about the mobile certificate at mobiilivarmenne.fi.
Please pay close attention to results of data searches when you use an online search engine. The recommended way to log in to MyTax is to first use the web address vero.fi, not a search engine. This is because various search results and online advertisements are known to contain links to a phishing site. In general, phishing sites rarely have a domain name ending in .fi.
Some scammers use the telephone to call their victims. Telephone numbers can also be faked, and then the call may appear to arrive from a reliable number. The employees of the Tax Administration never ask for your e-bank or credit card information. Keep in mind that you can always end a suspicious call. If you received a phone call that seemed suspicious as the caller was posing as phoning you from the Tax Administration, please contact our taxpayer service to clear up whether the call was genuine.
When it seems likely that you have fallen victim to a scam, here is what to do
- It is important not to click on the links and attachments of a scam message. Delete the message immediately. You may want to warn others and send a screenshot of the message with a report you can give to the National Cyber Security Centre (Traficom, the Finnish Transport and Communications Agency).
- If you have disclosed your credit card codes by mistake, call your bank or the company that issued the card to cancel the card immediately.
- In the same way, if you disclose your e-bank codes, call the telephone service of your bank and have the codes cancelled.
- If the scam message contained a payment order and you proceeded to pay the amount from your bank account, make sure to contact your bank as soon as you can.
Report the offence to the police
You may have become a victim of fraud if you have given your e-bank or credit card codes to a scammer. First contact your bank and then report the offence to the police. It is also advisable to report attempted fraud to the police.