Scams remained in the public eye for almost the entire year. The media published hundreds of articles, while RIA, the Police and Border Guard Board, banks and many other organisations ran campaigns and awareness initiatives on how to recognise scams and protect oneself. Despite this, fraudsters walked away with larger gains than ever before, and scams account for the largest share of all the incidents registered by RIA. Individuals are most frequently targeted, but by loss amount, business-related fraud causes the most significant financial damage.
More convincing scams
Scammers are becoming ever more convincing and sophisticated. Where fraud could once be spotted through poor Estonian grammar or the use of Russian, these clues can no longer be relied on. Today, we see scams carried out in fluent Estonian, making them increasingly difficult for unsuspecting victims to recognise. The best defence is to stay informed about scams currently in circulation.
As in previous years, phishing messages purporting to be from postal and delivery service providers continued to spread widely. Alongside these, however, phone scams increased sharply, affecting both private individuals and company representatives. Scams targeting businesses often result in losses of hundreds of thousands of euros, with little chance of recovery.
Phone scams surged
Every day, people in Estonia lose tens of thousands of euros to phone scams. One common scheme involves a sequence of calls. In the first, the victim is pressured to act quickly – for example, by being offered the return of a supposed compensation payment . In the second call, the caller claims the first call was from fraudsters and that immediate action is needed to stop them, requiring the victim to log in to their bank and confirm this by entering their Smart-ID or Mobile-ID PIN.
Calls claiming that an electricity meter or switchboard needs to be replaced are also common. One non-profit organisation fell victim to such a scheme. The first fraudster introduced himself as an electrical switchboard installer. As the person answering the call was indeed expecting such an installation at a construction site, an appointment was agreed upon. At the end of the call, the fraudster asked the victim to confirm the appointment using Smart-ID, and the victim entered their PIN1. This was followed by calls from fraudsters posing as a police officer and a bank employee, claiming that the victim’s bank account had been accessed illegally and several transactions had been made. To reverse these, the victim was repeatedly asked to enter PIN1 and PIN2 codes. As a result, more than 120,000 euros were transferred from the non-profit organisation’s account to the fraudsters.
A similar scheme was attempted against a Latvian project manager of the Äripäev newspaper. In the first call, the victim was asked to confirm the replacement of an electricity meter by entering a Mobile-ID code. This was followed by a call from a person posing as a bank employee, who claimed that an unknown individual had attempted to access the victim’s bank account. A third call came from a fraudster posing as a police officer via WhatsApp, allegedly because the channel was harder to intercept. At some point, the calls began to seem suspicious, and the victim contacted their bank’s account manager , who confirmed that it was a scam.
How to recognise and avoid phone scams
- Common phone scam schemes include:
- warnings about suspicious transactions on a bank account
- contact regarding supposedly unused compensation payments
- requests for money to resolve an accident involving a relative, such as paying hospital bills
- offers of attractive investment opportunities
- If you receive a call from an unfamiliar number with a foreign country code, do not answer it unless you are expecting such a call.
- Do not share personal information over the phone or enter it on websites to which you are directed during a call.
- Never share or enter your PIN codes. No bank or public authority will ask for them. A bank may request PIN1 to verify your identity only if you initiated the call yourself.
- Do not agree to move the conversation to an alternative communication channel, such as WhatsApp.
- If you are asked to install software, such as AnyDesk, on your device, end the call and do not install the software.
- If the caller pressures you to act quickly or uses fear tactics, take time and discuss the call with someone you trust.
A million-euro fraud case goes to court
In August, it became public that the machinery manufacturer Hekotek had lost hundreds of thousands of euros to fraudsters. The chain of events began with a phone call to the company’s chief financial officer, during which the callers posed as employees of the Estonian Health Insurance Fund. Using information obtained during that call, the fraudsters were able to create a new Smart-ID account in the CFO’s name. Subsequent calls involved impersonating bank employees and police officers, allowing the fraudsters to access the CFO’s computer via the remote desktop tool AnyDesk.
They opened the banking application and authorised payments using the Smart-ID account they had created. Within two hours, 52 transfers were made from the company’s account, totalling 1.6 million euros. Part of the money was recovered, but final losses still exceed one million euros. The company is now in a legal dispute with its former CFO, with the court expected to determine who bears responsibility for the damage and to what extent.
CEO fraud and invoice scams
CEO fraud involves an email that appears to come from a company’s chief executive and is sent to an employee, often the chief financial officer or an accountant, requesting an urgent transfer. The real beneficiary of the payment is the fraudster. Invoice fraud, by contrast, involves sending an organisation a fake invoice in the name of a legitimate business partner.
In August, an employee at one Estonian company was persuaded to purchase gift cards. The fraudster sent an email in the CEO’s name and then moved the conversation to WhatsApp. There, the employee was led to believe that the manager was requesting the purchase of gift cards. The employee complied and fell victim to the scam, resulting in total losses of approximately 550 euros.
In November, fraudsters carried out another successful invoice scam. A company received an email, apparently from a long-standing supplier, that attached an invoice and stated the supplier’s bank account details had changed. As changes to banking details had occurred before, the invoice did not raise suspicion. The company paid the invoice for approximately 50,000 euros. It later emerged that the money had been transferred to the fraudsters’ account and could not be recovered.
Also in November, details of a CEO fraud scheme carried out in 2022 at the Estonian Traditional Music Centre, a non-profit organisation that organises the popular Viljandi Folk Music Festival, became public. An email purporting to be from the organisation’s director was sent to the accountant, asking about the account balance and requesting a 28,000-euro transfer. The accountant approved and made the transfer. The following day, another email requested a further transfer of 19,500 euros. A few days later, a third payment of 25,350 euros was made. All payments were sent to foreign bank accounts, and the emails instructing the payments appeared to have been sent by the centre’s director. Once the fraud was discovered, one transfer could be cancelled, but total losses still exceeded 53,000 euros.
How to avoid falling victim to business fraud
- Establish clear rules and procedures for processing payments within your organisation. For example, a two-person approval rule can be implemented, requiring that at least two employees confirm every invoice.
- Train employees regularly on cyber threats. This should include reminders on how to recognise phishing emails. One option is to use RIA’s Cyber Test.
- Make it as difficult as possible for criminals to spoof your organisation’s email addresses by configuring SPF, DKIM and DMARC.
- Protect email addresses published on your website from spam bots or, where possible, avoid publishing the email addresses of all employees.
- If in doubt, contact the supplier or business partner directly to verify the message. Always use a known contact number, not one provided in a suspicious email.
Phishing campaigns continued
In 2025, scam emails purporting to be from telecom providers Telia and Elisa circulated widely. These messages claimed that the recipient had either an unpaid invoice or a credit balance. In both cases, the email included a link that directed users to enter their bank card details. The messages were sent from suspicious email addresses that did not belong to the service providers in question. Neither company sends such emails or requests bank card or other sensitive details by email. All billing-related information is available through the companies’ self-service portals.
Phishing messages impersonating postal and delivery service providers, familiar from previous years, also continued to circulate. These were sent both by email and via text message. Recipients were led to believe that a parcel was waiting for them and that, to receive it, they needed to pay customs charges or provide their bank card details under some other pretext. Such scams aim to obtain the victim’s card details and use these to drain the account. Typically, the message suggests that only a few euros need to be paid, but the actual loss can be as high as the account balance or credit limit allows.
The suspicious links and sender details indicate a scam. In such cases, pay close attention to the actual sender address, not just the displayed name, and to the domain used in any links. Check whether it genuinely belongs to the service provider named in the message.
As a reminder, no institution – whether a bank, the police or a postal company – will ask for bank card details by email. Requests of this kind are a clear sign of phishing.
Investment scams: losses guaranteed
In 2025, people in Estonia lost nearly 6 million euros to various investment scams. Victims are presented with seemingly attractive investment opportunities, often advertised as low-risk or risk-free, with guaranteed high returns.
The proposed investments may include cryptocurrencies, shares or bonds that fraudsters promote as new products, technologies or business opportunities. Victims are contacted by phone, email, or social media and directed to a website that appears legitimate. Today, scam websites are highly convincing, and users may not realise they are being deceived when entering their personal details.
Not everything that glitters is gold. Unfortunately, the old adage applies here as well: if something seems too good to be true, it is very likely a scam.
Fraudsters are becoming increasingly sophisticated. Last year, for example, a video circulated in which President Alar Karis appeared to encourage people to invest in a new state-run platform. The video promised a guaranteed weekly income of 870 euros. It was, of course, a scam, and the video itself was a deepfake. The fraudsters sought to build credibility by exploiting the authority of the President of Estonia.
Investments that ended badly
- During online communication, a 41-year-old woman was persuaded to make deposits on a cryptocurrency investment platform and to take out a loan to do so. She was unable to withdraw money from the platform and was repeatedly asked to make additional payments. The damage amounted to 9,936 euros.
- In the summer, a 68-year-old woman found an online advertisement for an investment opportunity and left her contact details on the website. Shortly afterwards, she was contacted by a person who presented themselves as an investment broker and guided her through the transfer process. The platform turned out to be fake, the money could not be recovered, and the supposed financial adviser disappeared. The loss was nearly 15,000 euros.
- A 39-year-old man saw an investment advertisement on Facebook and joined a WhatsApp group where the platform was explained and an account was created for him. With the help of a person posing as a broker, he made transfers and granted remote access to his computer via AnyDesk. He also took out several loans to invest more. The platform was fraudulent, and the money could not be recovered. The loss exceeded 28,000 euros.
- A 57-year-old man was contacted by someone presenting themselves as an investment adviser. Acting on the adviser’s guidance, he registered on a cryptocurrency trading platform and made an initial deposit of 1,300 euros. Over the following six months, and in line with the fraudsters’ instructions, he transferred 504,400 euros from his company’s accounts to the fake platform.
Estonian police help dismantle an international criminal network
In mid-October, an international police operation targeted a criminal network that sold phone numbers registered in different countries and facilitated, among other things, investment scams and fraud targeting private individuals.
The network operated an online platform that provided anonymous accounts to perpetrators of fraud. In this way, losses exceeding 5 million euros were incurred by at least 3,200 victims in Estonia, Latvia and Austria.
During the operation, Latvian police arrested five suspects, including the network’s alleged leader, and seized 40,000 active SIM cards. Estonian police also took part in the operation and detained one person wanted in Estonia, who is suspected of organising arson attacks and extortion.
Last updated: 11.02.2026
