Elisa Phishing Scam Escalates With Fake Billing Alerts
A new wave of phishing emails impersonating Estonian telecom company Elisa is targeting customers with fraudulent unpaid bill notices, aiming to steal banking credentials on fake websites as part of a broader fraud landscape that cost residents €29 million last year.
- —A new wave of phishing emails impersonating Elisa has emerged, falsely claiming customers have unpaid bills or delayed payments to trick them into revealing banking details on fake websites.
- —These fraudulent emails mimic Elisa's official communication style and visual branding, often warning of service disruptions or additional fees if immediate payment is not made.
- —Elisa's information security team has blocked nearly 200,000 malicious websites in the past year and is actively responding to new phishing attempts, though fake pages reappear rapidly.
- —The company advises customers to verify sender email addresses and website URLs, avoid clicking payment links in emails, and use Elisa's official self-service portal for transactions.
- —The increase in scam activity follows a relatively calm start to the year, with authorities noting that Estonian residents lost 29 million euros to fraud in the previous year.
Recap
This phishing campaign leverages the trusted brand of a major utility to exploit customer anxiety over billing, a highly effective tactic. While Elisa's defensive measures are substantial, the rapid regeneration of fraudulent sites demonstrates the persistent and adaptive nature of the threat. The operation fits into a larger pattern of high-value digital fraud in Estonia, indicating that these are not isolated incidents but part of a lucrative criminal enterprise that continues to extract significant sums from the public.