Bank fraud on the rise in Estonia: protect yourself this Christmas season
As Christmas shopping reaches its peak and Estonians prepare for the festive season, criminals are working overtime to exploit the busiest and most vulnerable time of year.
With nearly €23 million stolen from Estonian bank accounts in 2025 so far, the threat of bank fraud has never been more pressing.
The festive period creates perfect conditions for scammers, as increased online shopping, financial stress and emotional manipulation combine to make even the most cautious individuals vulnerable to sophisticated fraud schemes.
The alarming statistics paint a clear picture: bank fraud cases more than doubled in 2025, with criminals stealing €6.1 million in just the first eight months of the year compared to €2.3 million for the entire previous year. June alone saw losses exceeding €2 million.
As Christmas approaches and people juggle gift purchases, travel bookings and holiday expenses, fraudsters are ramping up their efforts, knowing that distracted consumers are more likely to fall victim to their increasingly sophisticated schemes.
Understanding the scale of the problem
The average loss in bank transfer frauds last year stood at €1,500, whilst card fraud victims lost an average of €125 per incident.
These figures represent more than just numbers on a spreadsheet – they translate to ruined Christmas celebrations, cancelled holiday plans and genuine financial hardship for Estonian families.
The emotional toll extends beyond the immediate financial loss, as victims often experience feelings of shame, vulnerability and anger at having been deceived.
According to Viktor Tkatšenko, head of Citadele Bank’s anti-money laundering department, the nature of fraudulent schemes has fundamentally changed. Fraudsters are increasingly speaking fluent Estonian and using artificial intelligence to appear as credible as possible. These sophisticated bad actors exploit trust and technology to commit bank fraud, making it harder for individuals to recognize and avoid scams. This linguistic sophistication marks a departure from earlier scams that were easily identifiable by poor grammar or obvious foreign origins.
Today’s scammers operate with the polish of legitimate businesses, making detection far more challenging.
The Christmas vulnerability window
The Christmas season creates a perfect storm of conditions that fraudsters exploit ruthlessly.
Estonian shoppers are expecting multiple package delivery notifications, making them more susceptible to fake courier messages. Financial pressure to purchase gifts and host celebrations can cloud judgement when faced with what appears to be an urgent banking issue.
The emotional nature of the season, combined with the stress of meeting family obligations and managing budgets, significantly reduces people’s natural scepticism.
Last Thursday alone, the Police and Border Guard Board received over 40 reports of scams involving phone calls and online methods, which saw €900,000 stolen from victims in a single day. The scale and frequency of these attacks demonstrate that criminals are operating organised, systematic campaigns designed to overwhelm both victims and law enforcement during peak shopping periods.
How modern bank fraud schemes operate
Understanding how these schemes work is essential to protecting yourself.
The most common method involves a two-stage psychological manipulation that exploits people’s trust in authority and their fear of loss.
Recognizing suspicious patterns in communication or transaction requests, such as unexpected changes in account activity or unusual requests for sensitive information, is key to identifying potential fraud.
The initial contact
Unlike earlier scams with telltale signs of foreign origin, modern fraudsters speak fluent Estonian and use sophisticated social engineering. Jaagup Toompuu, team lead at the Central Criminal Police, explains the typical pattern: criminals first pose as courier companies, government agencies like the Unemployment Insurance Fund, or service providers such as electricity companies or Telia.
They obtain basic banking details through this initial contact, often by creating a sense of urgency around a package delivery, unpaid bill or account security issue. Criminals frequently seek a person’s personal information, such as name, address, or identification numbers, to further their schemes. Scammers may also use or request false information to make their approach seem more credible or to bypass security checks.
The key to this stage is establishing credibility whilst obtaining just enough information to proceed to the next phase. Scammers have become expert at mimicking the communication style and terminology of legitimate organisations, making their initial approach nearly indistinguishable from genuine contacts.
The follow-up trap
The truly insidious element comes next.
The victim receives a follow-up call, purportedly from their bank’s security team, informing them they have been the victim of a scam. This approach is psychologically devastating – the person believes they’re being rescued when they’re actually being ensnared deeper.
The fake “bank employee” drives up the victim’s emotions to diminish their reasoning ability, as Toompuu notes. Speed becomes essential for the scammers, preventing the victim from pausing to think or verify the situation.
During this call, victims are persuaded to enter their PIN2 codes, and whilst they’re engaged with the scammer, their account is being actively drained or loan agreements are being signed in their name. This process is known as account takeover, where criminals gain access to the victim’s account and act as if they are the legitimate account holder. SEB’s Security Centre head Kätlin Kukk reports that they’ve already prevented a seven-figure amount in losses over nine to ten months, but emphasises that very often they simply can’t reach clients because the client is speaking to the scammer at the same time.
Physical collection schemes
Particularly concerning is the rise in schemes targeting elderly victims for physical collection of cash or bank cards. Cash withdrawal fraud jumped from €50,000 in 2023 to approximately €900,000 in 2024. Security camera footage has captured vulnerable elderly people being instructed over the phone on how to withdraw cash or use parcel machines to send their bank cards, complete with PIN codes, directly to criminals. Criminals may also use hidden cameras to capture PIN entry or other sensitive information during these transactions, increasing the risk of bank fraud.
This summer saw numerous cases where people were told their electricity meters needed replacing and were asked to enter bank PIN codes for the work to be carried out. The brazenness of these schemes – having victims physically hand over cash or cards to couriers who arrive at their homes – demonstrates the criminals’ confidence in their psychological manipulation techniques.
Common types of bank fraud and account takeover affecting Estonians
Phishing attacks masquerading as trusted services
Banking and credit card fraud represents the most common way Estonians lose money to cybercriminals. Phishing emails and SMS messages sent in the name of postal service providers or banks have been popular for years and show no signs of abating. These typically fall into two categories.
The first involves messages purportedly from Omniva, DPD or DHL, claiming a parcel cannot be delivered due to incorrect addresses, unpaid delivery fees or customs charges. These messages often request small payments of a few euros, but once users enter their payment card details, significantly larger sums are withdrawn. Losses typically range from hundreds to tens of thousands of euros. This is a form of ‘card not present’ fraud, which is especially prevalent in online transactions where the physical card is not required.
The second involves emails apparently sent by banks asking recipients to update their information. These stress urgency and set deadlines, pushing people to act without careful consideration.
Cybercriminals often create fake websites that closely mimic online bank login pages to trick users into entering their credentials. Internet banks and online banks are frequent targets of these attacks. Stolen credentials obtained through these phishing attacks can then be used to access victims’ online bank accounts and commit further fraud. The user is directed to a fake website where they’re prompted to log in using Smart-ID and enter their PIN codes.
Investment and cryptocurrency scams
With the crypto boom, fraud involving cryptocurrency has become increasingly common. The Information System Authority (RIA) reports that in 2024 it recorded 837 significant fraud incidents – nearly double the 546 incidents reported in 2023. The pattern is often consistent: individuals are offered opportunities to earn money and guided through making initial deposits on cryptocurrency trading platforms.
These scams frequently involve fund transfer fraud, where victims are instructed to use various fund transfer methods, including wire transfers, to move money to fraudulent accounts. Wire transfer fraud is a significant risk in these cases, as criminals exploit the speed and irreversibility of wire transfers, making it difficult for victims to recover their funds once the transfer is completed.
The process typically starts with smaller amounts around €250.
After the initial payment, victims are shown supposed profits, which they can withdraw, building trust and encouraging reinvestment with larger sums.
The second time, they transfer significantly higher amounts, only to be informed that additional fees are required to access their funds. They pay even more but ultimately cannot retrieve either the initial amount or the extra money.
Invoice fraud targeting businesses
Whilst individuals face heightened Christmas season risks, businesses aren’t immune. Invoice fraud has become relatively common, with criminals sending fake invoices under the guise of legitimate business partners.
The phoney invoice usually differs only in payment account details, with the payment being redirected to a different account controlled by the fraudsters, making the fraud easy to overlook. Fraudsters may also collect personal details of company employees to make their impersonation more convincing.
In November alone, RIA received reports about four cases of invoice fraud with damages totalling nearly €300,000. In one case, an Estonian company transferred over €170,000 to fraudsters who had compromised the company’s email account and monitored correspondence with a supplier.
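Because the fake invoice differs only in its payment account, and in the case above arrived through a compromised mailbox, a check against the account already on file is more reliable than judging the email itself. The following is an added example, not code from RIA or any bank; the supplier ID, record layout and finding codes are assumptions, and the IBANs are sample values that pass the checksum, not real supplier accounts.

```python
import re
from dataclasses import dataclass

def normalise_iban(raw: str) -> str:
    return re.sub(r"\s+", "", raw).upper()

def iban_is_valid(raw: str) -> bool:
    """ISO 13616 check: move the first four characters to the end,
    map letters to 10..35, and require the number mod 97 to equal 1."""
    iban = normalise_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97 == 1

@dataclass
class Invoice:
    supplier_id: str
    sender_email: str
    iban: str
    amount_eur: float

# Constructed vendor master record (hypothetical supplier and domain).
VENDOR_MASTER = {
    "SUP-001": {"iban": "EE382200221020145685", "email_domain": "supplier.example"},
}

def review_invoice(inv: Invoice, master=VENDOR_MASTER) -> list[str]:
    """Return finding codes; an empty list means no payment-detail anomaly."""
    record = master.get(inv.supplier_id)
    if record is None:
        return ["UNKNOWN_SUPPLIER"]
    findings = []
    iban = normalise_iban(inv.iban)
    on_file = normalise_iban(record["iban"])
    if not iban_is_valid(iban):
        findings.append("IBAN_CHECKSUM_FAILED")
    if iban != on_file:
        # The core signal: same supplier, different account. Hold the payment
        # and confirm via a phone number already on file, not one in the email.
        findings.append("IBAN_CHANGED")
        if iban[:2] != on_file[:2]:
            findings.append("ACCOUNT_COUNTRY_CHANGED")
    if inv.sender_email.rsplit("@", 1)[-1].lower() != record["email_domain"]:
        findings.append("SENDER_DOMAIN_MISMATCH")
    return findings

if __name__ == "__main__":
    # Constructed invoices: identical except for the payment account.
    genuine = Invoice("SUP-001", "billing@supplier.example", "EE38 2200 2210 2014 5685", 4200.0)
    altered = Invoice("SUP-001", "billing@supplier.example", "LT12 1000 0111 0100 1000", 4200.0)
    for inv in (genuine, altered):
        print(inv.iban, review_invoice(inv) or "OK")
```

The altered invoice passes the sender-domain check, which is what a message sent from a compromised mailbox would do; only the comparison with the stored account flags it.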
Financial institution responsibilities and responses
Estonian financial institutions have recognised the escalating threat and implemented various protective measures within the broader banking industry. Swedbank lowered daily withdrawal limits to €700 for clients who haven’t withdrawn more than that amount in the past 18 months. As Tarmo Ulla, Swedbank’s head of retail banking, explains, if a client doesn’t actually use large sums, a high limit represents an unnecessary risk.
Banks employ monitoring systems that allow them to intervene in suspicious transactions. These systems monitor digital channels, such as online banking and mobile apps, for suspicious activity and are designed to detect fraud in real time. They use machine learning-based fraud detection that monitors transactions in real-time, looking for patterns that suggest fraudulent activity. Financial institutions also monitor for the creation of new accounts that could be used by money mules to facilitate illegal transactions.
However, the effectiveness of these systems depends partly on victims being available when banks try to contact them – which often isn’t the case when they’re engaged with scammers.
The financial sector has also established collaborative efforts.
The Estonian Payment Forum operates a round table for combating financial fraud that brings together institutions from the public and private sectors. The main purpose involves producing and executing action plans, making proposals for legislative changes, and sharing information between participants.
Individual protection strategies for the Christmas season
The reality is stark: losses are borne by clients in 98% of credit transfer fraud cases and 75% of card fraud cases when they’ve confirmed payments under pressure or shared their data. This places the burden of protection squarely on individuals. Scammers engage in illegal activities, such as check fraud and credit card skimming, with the intent to steal money from unsuspecting victims.
Here are essential strategies for staying safe during the vulnerable Christmas period.
Recognise the warning signs
Adrian Venables, head of TalTech’s cybersecurity programme, emphasises that the key method to defeat fraudsters is education. When someone phones, contacts or emails you wanting something unexpected – particularly money – you need to stop and think. A genuine organisation won’t mind if you say you’re going to verify the information independently before proceeding.
Critical red flags include:
- Any unsolicited contact requesting banking details, PIN codes or immediate action
- Pressure to act quickly without time for verification
- Requests to download screen-sharing software or unfamiliar applications
- Messages about package deliveries when you’re not expecting any (though during Christmas this becomes trickier)
- Video calls or WhatsApp messages from supposed bank representatives
- Requests to transfer money to “secure accounts” to protect from fraud
- Being pressured into making payments via authorized push payment methods, where scammers manipulate you into making payments quickly and irreversibly under false pretenses
Verify independently
If you receive any suspicious communication, take these steps:
- End the call or close the message immediately
- Look up the official contact number for the organisation independently (don’t use numbers provided in the suspicious message)
- Contact the organisation through its official channels and make sure you are speaking with a legitimate representative; if you are the account holder, confirm your own identity only through secure methods
- Ask specific questions about the claimed issue
Remember: banks and government agencies never use video calls, WhatsApp or similar messaging apps for official communications. They also never ask you to download screen-sharing software or request your PIN codes.
Implement practical security measures
- Set up transaction alerts on your bank account so you receive immediate notifications of any activity
- Regularly review your bank statements, especially during the busy Christmas period
- Use a separate bank card or payment card with a lower limit for online shopping to reduce the risk of bank card fraud and limit potential financial loss
- Enable two-factor authentication wherever available
- Keep your banking apps and phone operating system updated
- Be particularly cautious when using public Wi-Fi for any financial transactions
Understand your PINs
In Estonia, your authentication system uses different codes for different purposes:
- PIN1 is for authentication and gaining access – logging into your internet bank or confirming smaller online purchases
- PIN2 is for signing and confirming actions – bank transfers or signing documents, equivalent to handwritten signatures
Never enter PIN2 codes unless you’ve initiated the transaction yourself and are absolutely certain about what you’re authorising. If your phone asks for a PIN2 code unexpectedly, stop immediately and verify what’s happening through independent channels.
Special Christmas shopping precautions
During the festive season, implement additional protective measures:
- Verify online shops thoroughly before making purchases. Check for reviews, secure payment indicators (https://), and contact information
- Be especially wary of deals that seem too good to be true
- When expecting legitimate package notifications, check tracking numbers on official courier websites rather than clicking links in messages
- Consider using payment methods with buyer protection, such as credit cards or PayPal, for online purchases
- Keep records of all transactions, including screenshots and confirmation emails
What to do if you’ve been scammed
Despite best efforts, anyone can fall victim to sophisticated fraud. If you suspect you’ve been scammed, immediate action is crucial:
- Stop all communication with the scammer immediately – do not enter any more PINs
- Contact your bank directly using the official customer support number from their website
- Request immediate account closure or card cancellation to prevent further transactions
- Save all evidence including SMS messages, emails, screenshots, and call records
- Report the incident to the Police and Border Guard Board at https://cyber.politsei.ee/report. If your personal or financial information has been compromised, report identity theft and provide details about any stolen information to the authorities.
- Contact CERT-EE at cert@cert.ee for expert guidance and to help prevent future incidents
Acting quickly significantly improves the chances of recovering money and helping authorities catch the criminals. As Eesti Pank emphasises, whilst mobile operators block more than a million scam calls each week, the key link in the chain remains the individual facing the fraud.
Looking ahead: staying safe beyond Christmas
Whilst the Christmas season represents a particularly vulnerable period, these threats persist year-round.
The sophistication of fraud schemes continues to evolve, with criminals increasingly using AI to create more convincing scams, deepfake technology to impersonate trusted individuals, and complex psychological manipulation techniques refined through extensive testing.
Stolen credentials and personal information are often traded on the dark web, where fraudsters purchase them to commit further crimes. These can include making a fraudulent charge on your credit card, or even facilitating more serious offenses such as drug trafficking by laundering illicit funds through compromised accounts. The dark web acts as a marketplace for personally identifiable information, making it crucial to protect your data and remain vigilant against bank fraud.
The good news is that awareness and vigilance remain your most powerful defences.
By understanding how these schemes operate, recognising warning signs, and taking time to verify unexpected requests, you significantly reduce your vulnerability. Share this information with family members, particularly elderly relatives who may be targeted more frequently. Discuss these issues openly – the embarrassment that often prevents people from reporting fraud also prevents others from learning and protecting themselves.
This Christmas, give yourself the gift of financial security by staying informed and cautious.
The festive season should be about celebrating with loved ones, not recovering from financial fraud. By implementing these protective measures and maintaining healthy scepticism towards unexpected requests, you can ensure that the only surprises this Christmas are the pleasant ones under the tree.
Remember: legitimate organisations will never pressure you to act immediately without verification.
Taking a moment to pause, think and verify could save you thousands of euros and protect your Christmas celebrations from being overshadowed by financial crime. Stay alert, stay informed, and stay safe this festive season.