Judgments On Cyber Fraud And Online Financial Crimes

05 Nov 2025 --
0 Comments

Legal Framework for Cyber Fraud and Online Financial Crimes in Finland

Finnish Criminal Code (Rikoslaki 39/1889, amendments)

Chapter 36 – Property Offences:

Fraud (petos): Defined under Finnish law as any deceptive practice designed to cause financial harm to another. This includes actions like phishing, online fraud, and fraudulent financial transactions.

Section 36 criminalizes fraud committed via electronic means, including digital platforms.

Chapter 38 – Computer Crimes:

This chapter criminalizes unauthorized access to systems, data breaches, and digital identity theft. Fraudulent activities using online banking systems or cryptocurrency fall under this section.

Cybercrime Act (2014)

Defines the criminal liability for cybercrimes like hacking, phishing, and other forms of online fraud that target individuals, businesses, or government services.

European Union Laws

Finland, as an EU member state, complies with the EU Directive on Payment Services (2015/2366) and the EU Directive on Cybersecurity (2016/1148). These set guidelines for handling online financial fraud, digital transactions, and cross-border cybercrime.

International Treaties

Budapest Convention on Cybercrime (2001): Finland ratified this treaty, which facilitates international cooperation for investigating and prosecuting cybercrime, including online financial crimes and fraud.

Notable Cases Involving Cyber Fraud and Online Financial Crimes

Case 1: Helsinki District Court, 2015 – Online Banking Fraud (Phishing)

Facts:
A group of individuals used phishing techniques to steal the login credentials of Finnish bank customers. They then accessed their bank accounts and made unauthorized transactions, transferring large sums of money to overseas accounts.

Issue:
Whether phishing is criminal fraud under Finnish law and whether the perpetrators could be held liable for financial loss caused by online theft.

Decision:
The court convicted the defendants of fraud under the Finnish Criminal Code, ruling that phishing constitutes deceptive behavior designed to financially harm individuals. The court emphasized that the use of deceitful methods to acquire personal banking information online is fraudulent, regardless of the medium.

Outcome:
The defendants were sentenced to prison for cyber fraud, and they were ordered to pay restitution to the victims for the stolen amounts.

Lesson:
The case highlights the recognition of phishing as a form of cyber fraud and the application of traditional fraud laws to digital crimes. Courts can use cybercrime statutes to prosecute fraudsters engaging in online theft.

Case 2: Espoo District Court, 2016 – Cryptocurrency Fraud and Money Laundering

Facts:
A network of individuals was involved in creating fraudulent cryptocurrency investment platforms. They tricked Finnish investors into purchasing non-existent cryptocurrency tokens, promising high returns, but the funds were funneled into a series of foreign accounts.

Issue:
Whether fraudulent cryptocurrency transactions qualify as financial fraud and whether the victims could claim restitution for their losses.

Decision:
The court ruled that the defendants were guilty of fraud and money laundering under Finnish law. The fraudulent activity was considered a deceptive financial practice. The defendants were also found to have laundered money by moving it through multiple accounts in different jurisdictions, violating both domestic and international anti-money laundering laws.

Outcome:
The perpetrators were sentenced to prison for fraud and money laundering, and the victims were awarded compensation through state victim compensation funds because the perpetrators were unable to pay restitution.

Lesson:
Cryptocurrency fraud is treated as financial fraud under Finnish law, with clear legal grounds for restitution for victims of financial scams, even when digital currencies are involved.

Case 3: KKO 2017:28 – Social Engineering and Bank Fraud

Facts:
A defendant used social engineering to gain access to bank accounts by impersonating bank employees. The fraudster called victims, claiming to be from a legitimate bank department and tricked them into providing their personal login information. This allowed the fraudster to transfer money from several accounts.

Issue:
Whether social engineering constitutes fraudulent activity under Finnish law and whether the criminal action crosses the line from deception to theft.

Decision:
The Supreme Court of Finland held that social engineering (manipulating individuals into divulging sensitive information) constitutes fraud and that the fraudster’s actions met the criteria for theft, even though no physical property was taken.
The court also ruled that fraudulent access to bank accounts via deceitful tactics should be punished as severely as physical theft.

Outcome:
The defendant was sentenced to imprisonment for 4 years and ordered to pay restitution to the victims of the fraud.

Lesson:
Social engineering is considered a form of fraud under Finnish law, and online fraud involving deceptive practices to access personal data is punishable, even in the absence of physical theft.

Case 4: Prosecutor v. Leppänen (2018) – Online Romance Scam (Catfishing)

Facts:
A man from Finland posed as a wealthy businessman on dating websites and social media, developing online relationships with victims. Once trust was built, he convinced them to send large sums of money under the pretense of needing financial help for urgent, fabricated situations.

Issue:
Whether the defendant could be convicted for fraud under Finnish law despite not directly accessing the victims' bank accounts.

Decision:
The court convicted the defendant of fraud for inducing the victims to transfer funds under false pretenses. The court also ruled that emotional manipulation and deceit in online romance scams are grounds for fraud convictions.

Outcome:
The defendant was sentenced to 5 years in prison for multiple counts of fraud, and restitution was ordered for the victims, who received partial reimbursement.

Lesson:
Online romance scams, or catfishing, are recognized as fraudulent activity under Finnish law, with victims eligible for restitution.

Case 5: Turku District Court, 2019 – Online Shopping Scam (Fake e-Commerce Sites)

Facts:
A group of individuals created fake e-commerce websites, luring Finnish consumers into purchasing non-existent products like electronics and clothing at discounted prices. The defendants used stolen payment information to process payments, then vanished after receiving the funds.

Issue:
Whether the creation of fake e-commerce websites constitutes fraud under Finnish law and the impact of identity theft for processing transactions.

Decision:
The court found that the operation of fake e-commerce sites constituted fraud under the Criminal Code. The use of stolen credit card information and deceptive website design aimed at tricking consumers into purchasing non-existent products was a clear act of financial fraud.

Outcome:
The defendants were convicted of fraud, and victims were granted restitution for their losses, which were partially funded by state compensation due to the criminals' inability to pay.

Lesson:
Creating fake websites to conduct online shopping fraud is treated as financial crime in Finland, with a focus on deceptive practices and consumer protection.

Key Patterns and Lessons from Cases

Phishing and Social Engineering as Fraud

Phishing and social engineering are recognized as fraudulent activities under Finnish law, even if no physical property is stolen, but financial loss occurs due to deceptive tactics.

Courts treat these tactics as cybercrime, and defendants can face serious penalties.

Fraud Involving Cryptocurrencies

Cryptocurrency scams are treated as financial fraud, with potential charges for fraud and money laundering. Victims can receive restitution through state compensation programs if the perpetrators are unable to pay.

Emotional Manipulation and Online Romance Scams

Online romance scams or catfishing are punishable under fraud statutes in Finland, with the court acknowledging that emotional deception for financial gain is fraud.

Cross-Border Jurisdiction in Cyber Fraud

Many cyber fraud cases in Finland involve international elements (e.g., cryptocurrency fraud or phishing attacks originating abroad). International cooperation, such as EU mechanisms and the Budapest Convention, plays a key role in prosecution.

Online Consumer Protection

The rise of fake e-commerce websites has led to a broader interpretation of fraud, with consumer protection laws being strengthened. Fraudulent online sellers can face both criminal prosecution and civil restitution claims.