Estonia Grapples with Rise in Financial Frauds as Fake Invoice Scam Spreads

The Estonian Information System Authority (RIA) has reported a significant surge in cyber incidents, with 251 cases registered in January alone. The main concern is a new type of financial fraud that is gaining traction, targeting the customer base of large companies with fake invoices.

Fake Invoice Scam

In recent weeks, RIA received information about three attempts at financial fraud involving fake invoices sent by criminals claiming to be from reputable Estonian companies, including those in the construction, medical, and logistics sectors. The scammers requested that cooperation partners and customers transfer funds to their bank accounts.

• On two occasions, the fraudsters registered domains similar to the names of the targeted companies.
• In a third instance, they exploited the company’s own email domain vulnerabilities.

According to Tonu Tammer, head of RIA’s department responsible for security incident management, “This is a newer scam that could cause significant financial loss in the future as it may target the entire customer base of some companies.”

Combating the Threat

To combat this threat, RIA has issued guidelines to the public sector on securing email exchanges using SPF, DKIM, and DMARC protocols. The guide is also applicable to private companies, which are urged to take steps to prevent misuse.

Ongoing Cyber Threats

Meanwhile, ransomware attacks continue to plague Estonia’s digital landscape. In January alone, RIA was notified of six incidents involving corporate or private computers infected with ransomware that encrypts data. One such attack halted the operations of an industrial company for 36 hours, resulting in an estimated economic loss of €17,000.

As Estonia grapples with these financial fraud schemes and cyber threats, authorities urge citizens and businesses to remain vigilant and take proactive measures to protect themselves from falling prey to scammers.