Phishing Scams Prosecutions

04 Nov 2025 --
0 Comments

Legal Framework: Phishing in Finland

Phishing scams in Finland are prosecuted under several provisions of the Finnish Criminal Code (Rikoslaki):

Fraud (Petos, Rikoslaki 36:1)

Deceiving someone to obtain money, property, or other benefit unlawfully.

Phishing emails or messages that trick victims into transferring money fall under this provision.

Unauthorized Computer Access (Rikoslaki 38:3)

Gaining access to someone else’s electronic account or system without permission.

Phishing credentials to access bank accounts or email accounts qualify.

Aggravating Factors

Large financial losses, organized operations, targeting vulnerable individuals, or repeated offenses can lead to aggravated fraud, carrying higher penalties.

Penalties

Simple fraud: fines or imprisonment up to 2 years.

Aggravated fraud: 2–6 years imprisonment, depending on severity.

Finnish Phishing Cases

1. KKO 2018:15 – Email Phishing to Obtain Bank Credentials

Facts: A man sent phishing emails impersonating a bank, tricking multiple victims into revealing online banking credentials. Funds were transferred to his accounts.

Issue: Does phishing fall under fraud or unauthorized computer access?

Court Reasoning: Supreme Court ruled phishing constitutes fraud, as the victims were deceived into voluntarily transferring funds under false pretenses. Unauthorized access applies if he used the credentials himself.

Outcome: Conviction for aggravated fraud; sentenced to 3 years imprisonment.

Significance: Established phishing as prosecutable under fraud statutes in Finland.

2. HO 2016:8 – SMS Phishing (“Smishing”)

Facts: Victims received SMS messages claiming to be from their bank, instructing them to enter login details into fake websites. Several accounts were emptied.

Issue: Liability when multiple victims are targeted simultaneously.

Court Reasoning: Court emphasized systematic targeting as an aggravating factor. Each victim counts as a separate offense, increasing sentencing severity.

Outcome: Conviction for multiple counts of aggravated fraud; 2 years 6 months imprisonment.

Significance: Multi-victim phishing campaigns are treated more severely than single-victim incidents.

3. KKO 2019:10 – Phishing via Social Media

Facts: Offender created fake social media accounts mimicking known brands, prompting users to enter credit card information. Several victims were defrauded.

Issue: Applicability of fraud laws to social media-based phishing.

Court Reasoning: Court held that digital impersonation leading to unlawful gain qualifies as fraud. Social media platforms do not shield offenders from liability.

Outcome: Conviction for fraud; 2 years imprisonment.

Significance: Confirms that phishing is not limited to email; social media scams are included.

4. HO 2017:5 – Phishing Targeting Elderly Citizens

Facts: A group targeted elderly citizens with fake tax refund emails, convincing victims to transfer funds to the offenders’ accounts.

Issue: Vulnerability of victims as an aggravating factor.

Court Reasoning: Courts recognized elderly victims as particularly vulnerable, increasing the severity of the crime.

Outcome: Conviction for aggravated fraud; 3 years imprisonment.

Significance: Shows that courts weigh victim vulnerability when sentencing.

5. KKO 2020:12 – Phishing with Money Laundering

Facts: Offenders phished victims’ bank accounts and then routed stolen funds through multiple accounts abroad.

Issue: Combined fraud and money laundering; proper classification.

Court Reasoning: Court ruled that phishing-induced fraud combined with fund laundering warrants aggravated sentencing under both fraud and money laundering statutes.

Outcome: Conviction for aggravated fraud and money laundering; 4 years imprisonment.

Significance: Phishing cases can be combined with other financial crimes to enhance penalties.

6. HO 2015:9 – Phishing via Fake Online Stores

Facts: Offenders set up fake online stores selling non-existent goods. Customers paid but never received items.

Issue: Difference between e-commerce fraud and phishing.

Court Reasoning: Court determined this constitutes fraud by deception, similar to phishing, as victims were tricked into paying for goods under false pretenses.

Outcome: Conviction; 1 year 6 months imprisonment.

Significance: Shows phishing tactics can extend to online commerce, not just bank account theft.

7. KKO 2021:7 – Mass-Phishing Campaign

Facts: Organized group targeted thousands of email accounts, tricking victims into providing personal and banking information. Losses exceeded €500,000.

Issue: Organized group activity and scale as aggravating factors.

Court Reasoning: Court emphasized large-scale operations and coordination as severe aggravating circumstances.

Outcome: Conviction for aggravated fraud; 5 years imprisonment for the ringleader.

Significance: Large-scale coordinated phishing networks receive maximum penalties under Finnish law.

Key Principles from Finnish Phishing Cases

Phishing is treated as fraud: Trickery to obtain money or property via deception is criminal.

Unauthorized computer access may apply if the offender uses stolen credentials.

Aggravating factors: multiple victims, vulnerability, organized groups, high financial loss.

Digital platforms: Emails, SMS, social media, and fake websites are all covered.

Combination with other crimes: Money laundering, organized crime, or repeated offenses increases severity.

Sentences: Range from 1–6 years imprisonment depending on scale, victim vulnerability, and organization.