Scam calls
Scam calls have become the most prevalent type of fraud, causing Estonian residents to lose tens of thousands of euros every day. Read more about how to recognise scam calls and what to do if you suspect a scam.
Recently, cases where victims receive multiple calls in a row have become more frequent. The first call urges the person to act quickly, for example by offering a refund of a benefit or threatening financial loss. The second call claims that fraudsters were involved in the previous call and that in order to stop their activities, the recipient of the call needs to log in to their bank, confirming it with the PINs of their Smart-ID and Mobile-ID. In reality, this is how fraudsters gain access to bank accounts and carry out transactions. The fraudsters aim to keep their victim on the line for as long as possible so that the victim has no time to think about the offer and is instead pressured to act quickly. For example:
- Getting in contact regarding an ‘unused benefit’
- ‘Warning’ about suspicious transactions in bank accounts
- Requesting money to resolve an accident involving a relative
- Offering a great opportunity to earn money
How to recognise a scam call and what to do about it?
What should you do if you suspect a scam?
- Do not enter any PINs or verification codes anywhere afterwards
- Call the phone number listed on the bank’s official website and request that the transfer be cancelled
- Share with the bank exactly what happened and what information you gave the fraudsters about yourself so that they can help you more efficiently
- Notify CERT at cert@cert.ee and, in the case of financial loss, also the police at https://cyber.politsei.ee
Examples of scam calls
Martin received a call from someone who introduced themselves as an employee of the Estonian Health Insurance Fund. Martin was told that he had over €1,200 in unused medical benefits that he could transfer elsewhere. He acted according to the instructions. He was asked to identify himself with Smart-ID and was given a confirmation code, after which he entered his PIN1. Next, he received a call allegedly from his bank’s information security department, which told him that the previous call from the Health Insurance Fund was a scam and that he needed to download the AnyDesk software onto his phone to catch the fraudsters. Martin followed the instructions again, but after a couple of hours on the phone, he began to feel suspicious. He called his bank, where he was advised to cut off communication with the fraudsters. He also found out that transactions in the amount of €28,000 had been made from his account, which could no longer be reversed.
In this example, the criminal exploits the victim’s hope of financial gain. At the same time, the recipient of the call is rushed so that they have no time to think. Let’s take a step back and think about how Estonian government agencies operate – do they make phone calls like that, or can people check their data (including the balances of their Health Insurance Fund benefits) themselves in the self-service environment of the relevant agency? Furthermore, no public agency will ever ask you to download any software onto your personal device over the phone.
Riina received a call claiming that her daughter had caused a traffic accident and now needed €8,000 to pay for surgery. The fraudsters sent Riina a link that led to a phishing page. There, Riina made a transfer to the fraudsters’ account, confirming the transaction with her PIN2. Later, Riina discovered that another €3,000 had disappeared from her account.
In this example, the perpetrator puts the person in a highly stressful situation. The aim is to prevent people from thinking or checking whether their loved ones are okay, and instead to make them transfer money quickly. Let’s take a moment to think about it – do victims of traffic accidents in Estonia or their relatives have to pay for hospital treatment before surgery, or is the treatment funded by the Health Insurance Fund or the traffic insurance provider?
Anna received a call from someone who introduced themselves as an official from the Estonian Health Insurance Fund and claimed that her benefit needed to be carried over to the following year. The person offered to do it themselves. Anna was given the Smart-ID confirmation code, which matched the code displayed on her phone, and she entered her PIN1. After that, someone claiming to be a bank employee called her to ask whether Anna had made a transaction of €15,000. When Anna became anxious, the ‘bank employee’ reassured her by saying that the transaction had been blocked. Under the pretext of handling sensitive information securely, the fraudster redirected the conversation to WhatsApp. When Anna began to hesitate, she was sent a forged employment certificate from a bank employee and told that a ‘police officer’ would continue to handle her case. The ‘police officer’ made a video call to Anna, with letters of commendation and a picture of the president visible in the background. The fraudster also asked her to log into her bank account via screen sharing and then create a new Smart-ID account. All these actions were accompanied by encouraging explanations from the ‘police officer’. After several hours of phone calls, Anna found the situation very suspicious and decided to call the bank’s official number to get clarification. It turned out that transfers totalling €78,000 had been made from both her personal and company accounts. She was able to cancel a transaction amounting to €24,000. Anna asked the bank to close all her accounts immediately.
In this example, too, the criminal exploits the victim’s hope of financial gain. In the first call, the victim is rushed, and in the second, they are influenced with a perceived position of power. Let’s take the time to think about it – why should the Health Insurance Fund transfer benefits by phone? In addition, would any official direct communication to an alternative messaging application?
Jaan received a call allegedly from Eesti Energia, telling him that he needed to sign a purchase agreement for his company. The fraudster used the name of an employee of Eesti Energia, which could be found on the company’s website in the list of employees. Then, Jaan received a call from an ‘electrician’, who informed him that the electricity meters would need to be replaced due to the new contract. After these credible conversations, Jaan received a call from someone who introduced himself as an official of the Financial Supervision Authority and who also knew the name and address of Jaan’s company. To confirm their meeting, Jaan was asked to sign a confirmation request using Smart-ID. Jaan did so, and was also asked to bring his bank card and PINs to a parcel machine for security reasons. However, Jaan found this last step suspicious and decided to report the events to the police. The police informed him that this was a scam and that he should definitely not send his bank card in the post. Jaan immediately checked the company’s bank account and discovered that €15,000 had been transferred from the account. He immediately called the bank to have the transactions cancelled and the account closed. Jaan managed to recover half of the lost money.
In this example, the fraudster uses the identity of a real person to pressure the victim. People are also intimidated by positions of power. Let’s think about this – Estonian authorities do not ask people to sign contracts over the phone. Contracts are signed via the official self-service portal or by email. It is also worth considering why any public authority would use postal or courier services to transfer money. Using another person’s bank or ID card is not permitted. Why would any official authority ask for a person’s bank or ID card?