Language switcher

You are here

Salary account fraud on the rise

CERT-EE reports an increase in the number of instances of salary account fraud wherein the employee sends a letter to the HR manager requesting that their salary be transferred to a new bank account starting from the following month. In reality, however, this request is sent by cybercriminals, who take the money.

In the salary account fraud scheme, cybercriminals send a brief e-mail in relatively convincing Estonian to the HR manager, requesting that their salary be transferred to a new bank account starting from the following month. A visual fraud is used – a letter is replaced in the name of the employee or a barely noticeable alteration is made in the domain name (ettevõ vs ettveõ In addition, the insufficient security of the mail account may be exploited to fake the address of an employee, which is difficult for regular people to notice.

According to Tõnu Tammer, Head of CERT-EE, requests of changing the salary account should be required to be signed digitally. ‘This would help to prevent the majority of salary account fraud and prevent causing financial loss to the company. The exploitation of the company’s e-mail address can be prevented with the DMARC solution, which also displays any misuse of the company’s domain.’

Kertu Kärk
Head of the Communication Department at RIA
5850 9665

More news on the same subject


Cyber Security in Estonia 2020: A Comprehensive Look At The Estonian Cyber Landscape

11.05.2020 - The Estonian Information System Authority (RIA) has compiled a comprehensive overview of cyber security in Estonia. “Cyber Security in Estonia 2020”, available at, explains the landscape, the responsibilities and activities of different public sector organizations in Estonia who all contribute to keep Estonians safe online. From setting up a cyber security standard to combating cyber crime to training military cyber defence operators, every agency has a vital role to play. 


RIA warns: Be especially IT-conscious during the emergency situation

This week, the Information System Authority (RIA) launched a new cybersecurity campaign, ‘Be especially IT-conscious during the emergency situation’, which warns people about cyber threats related to teleworking. All tips for safe distance learning and working at a home office are gathered on the website