Skip to content Accessibility

Attention! Investment scams are spreading. See more at: Investment fraud

Common scams

Find out about scams so you would know how to avoid falling victim to them. We update the list of scams constantly, so you should check it from time to time. For the most recent information, follow RIA’s Facebook page!

Were you a victim of fraud?

Please help warn others and catch criminals so they could do no more harm. For this, please inform the police of the incident at cyber.politsei.ee, as well as the Incident Response Department of the Information System Authority by emailing cert@cert.ee.


Cybercrime

The global cybercrime losses of 2024 are estimated to have reached 9.5 trillion dollars (CSV). In addition to direct losses, this amount includes indirect losses from data leaks and disruptions to the operation of organisations. Cybercrime is mostly organised for financial gain, but this is far from the only motivator. The objectives of cybercriminals are broadly the following:

  • Financial gain

    The most common objective of cybercrime is to make money. This is done through a variety of attacks: scams, extortion (e.g. a ransomware attack and a demand for money to regain access to data, or the theft of data and a demand to prevent data leakage), denial-of-service attacks, etc.

  • Political reasons

    By or on behalf of government agencies to achieve policy objectives. Such attacks are usually directed against other countries, companies, or critical national infrastructure.

  • Hacktivism

    Attacks carried out in the name of a particular idea or belief, such as attacks against the websites or digital services of governments or organisations, disclosure of sensitive documents, etc.

  • Revenge or personal motives

    Attacks against individuals or organisations, motivated by personal offence or anger, such as against an ex-partner or former employer. Usually, in the form of cyber stalking, disclosure of private information, or cyber bullying.

  • Internal attacks

    Acts against an organisation by its own employees (or their relatives), such as data theft and leaks or security system breaches.

Individuals are usually exposed to cybercrime for financial gain, specifically fraud, but they can also experience attacks motivated by revenge or other personal reasons.

Scams

Scams are the most common form of cybercrime that a private individual might experience. Scams are designed to defraud people of data or money, and sooner or later, anyone who uses the internet is exposed to them. Currently, the most common scams are:

Phishing

Phishing for credit card details, internet bank credentials, and access information for important accounts to later use them for future attacks or for stealing money.

Find out more

Investment fraud

Every year, millions of euros are swindled from people living in Estonia through investment fraud. Find out how to spot scams and avoid becoming a victim.

Find out more

Fraud in online marketplaces

Scams spreading on different online trading platforms (Facebook Marketplace, Yaga, eBay, and others):

  • organised and automated scams that attempt to obtain a user’s credit card details or bank account access information;
  • sale of non-existent goods – by organised scammers on a wider scale or by individual fraudsters.
Find out more

Banking and credit card fraud

Various methods are used for obtaining the money in the victim’s bank account (and also for taking out payday loans), credit card details (where the limit is used up) or gaining full access to the bank account (using the account for money laundering).

Find out more

Extortion

Extorting money or sensitive materials from a user by threatening to disclose the private information of the user (for example, semi-nude photos, adult website usage information, ‘a video recorded with a computer camera’, or similar). Often, the perpetrator does not actually have such material, but they play on the fear that they might have it.

Find out more

Attacks against businesses

Various scams targeting companies and organisations, such as ransomware attacks, recruitment scams, CEO scams, invoice fraud.

Find out more

Ransomware attacks against businesses

Ransomware has become one of the biggest threats to all internet users. Attackers infect the system with malware designed to encrypt or steal the files of the victim. After encryption, attackers try to charge the victim for restoring access to files or for not disclosing information. Such attacks can be very successful, especially in corporate networks where file servers are widely used.

Find out more

How to protect yourself from scams:

  • be aware that cybercrime is very widespread and we can all be victims;

  • be aware of different scams;

  • manage your digital life consciously;

    Digital life

  • keep your digital footprint (i.e. the information you publish about yourself online) as small as possible so that criminals would not have any material to use in targeted attacks;

  • open a link or an attachment sent by email, text message, or other channel only if you are expecting this type of information from that particular sender.

    Phishing

  • when entering your details, always make sure you use the official website and self-service system of the services you want to use (internet bank, online shop, etc.);

  • be aware that entering PINs for Mobile-ID and Smart-ID is the same as authentication and signing in real life. Keep these codes to yourself and do not disclose them to anyone else.