Cookies

By clicking "Allow All", you agree to the use of cookies to enhance website functionality, analyse website usage and assist with marketing.

More on cookies

Five real-life fraud stor­ies

At Landsbankinn, we have never received as many notifications of attempted cybercrime as this year. This year to date, fraud notifications are more numerous than the entire year 2024, which in itself was a record year. On the bright side, damages from cybercrime have not grown in line with the increase in incidents. Many have nevertheless lost large amounts and, in some cases, a significant portion of their life savings.
Netöryggi
28 May 2025

Landsbankinn, other banks, the media and various associations have repeatedly warned against the threat of cybercrime without managing to reach everyone. The fraudsters are smart and continue to develop new methods. To show you how this really goes down, we want to share some real-life fraud stories that happened this year. Only the names of the victims have been changed.

At a lecture and not fully focused on the phone

Jón was attending a lecture when he got a text from his cousin on Messenger, asking for Jón’s phone number. The next message from the cousin told Jón about a game where he could win ISK 200,000! While Jón continued to listen to the rather interesting lecture, his focus was not fully on his phone and he confirmed a couple of authentication requests through his electronic ID which he assumed were necessary to receive his winnings from the game. After the lecture, Jón noticed that his bank had been trying to contact him because of a suspicion that Jón might have let fraudsters access his online banking. Cybercriminals had taken advantage of the authentication requests Jón had approved without reading the message that appears in electronic ID to transfer over ISK 10 million from his accounts. It was not possible to recover these funds and, as Jón approved the transactions with electronic ID, he has no recourse.

Cheap container - it’s a steal

Recently, a large container was advertised for sale on domestic buy/sell sites on Facebook. Several individuals and representatives of legal entities wanted to buy the container for a steal price. They completed the purchase and received an invoice, which appeared to be from a legit company, with directions to transfer payment to a certain account, which the buyers did. But there was no container - the whole thing was a scam. A closer look at the invoice from the seller shows that the Id.No. of the account holder was that of a private person rather than a company, which is unusual.

Unexpected call from Microsoft

Guðrún got a call from an Icelandic phone number. The caller spoke English and said he was calling on behalf of Microsoft. He told Guðrún that her phone had been hacked by 100 hackers. For Microsoft to help her, she needed to download an app called AnyDesk which grants full access to the phone or computer it is set up on. When she had downloaded AnyDesk and let him into her phone, she was asked to log in to a banking app. The man on the phone, who had said he was from Microsoft but was really a scammer, had then gained full access to Guðrún’s phone and could see when she entered the PIN for her electronic ID to open the banking app. He then had full access to both her device and the app and was able to approve all financial actions with the PIN to electronic ID. He was able to use this to withdraw ISK 3 million from Guðrún’s accounts. Only a part of that amount was recovered.

Email spoofing Skatturinn

Guðmundur got mail that looked to be from the tax authorities (“Skatturinn”). The mail stated that Guðmundur was due a tax refund. To get the refund, he was required to open a link in the email that led to a page where he was asked to choose his bank and authenticate with electronic ID. Guðmundur opened the link and entered a fake website. On that site, Guðmundur was asked to enter his card number in order to receive the refund. Guðmundur entered the number and got an authentication request to approve the payment with electronic ID, which he did. Had Guðmundur read the message that popped up in his electronic ID, he would have seen that it was not to deposit money to him; rather, his card was being debited for payment of ISK 50,000 from abroad. Guðmundur lost the ISK 50,000 but fortunately, the fraudsters didn’t take advantage of their access to his online banking account where they could have done much more damage.

Would you like to build your pension with bitcoin?

Sigurður was taking his first steps investing in bitcoin when he received a call from Jack, who introduced himself as a representative of the company Sigurður was trading with. Jack presented Siggi with a great opportunity: to build his pension with the company using bitcoin. Sigurður agreed to send a couple of payments. A little while later, Sigurður started having second thoughts and he contacted his bank. It transpired that both transactions were a scam, both the bitcoin investment and the pension plan – the company he’d been trading with didn’t exist. Sigurður had by then sent around ISK 15 million that could not be recovered. A couple of weeks later, Jack again contacted Sigurður to tell him that his funds were actually in Jack’s care. To get his money back, Sigurður was told to send a 20% insurance fee to redeem the funds, which Sigurður did. There was more communication and more back and forth over some time. Long story short - the whole thing was a scam and Sigurður lost more than twice the original amount in trying to redeem it.

Stay focused in finance

Many Icelanders will recognise cybercrime and fraud attempts akin to those I’ve recounted above. To avoid falling victim to such attempts, we need to be very careful. It is really hard for my colleagues and I who try to prevent fraud and work to recover stolen funds to see our customers loose large sums. I’d really like to repeat some important advice: Never approve a login request with electronic ID unless you are completely sure what’s happening. Do not click on links without examining them closely. Don’t be tempted by “too-good-to-be-true” offers online. Don't execute transactions or approve payments unless you are devoting your entire focus to the task.

We also recommend that you read up on how to guard against cybercrime available on various forums, including Landsbankinn’s website.

You may also be interested in
2 Dec. 2024
Length matters: The strongest passwords
What are the best and strongest passwords? Best and strongest isn’t quite the same, because good passwords need to combine the qualities of being memorable AND a strong defence against cybercrime. The answer might surprise you!
Öryggi í netverslun
22 Nov. 2024
14 tips to improve safety in online shopping
Shopping online is not without its risks, as fraudsters and cybercriminals go to great lengths to steal payment information or defraud people in other ways. Below are some simple tips to help prevent you from falling victim to cybercrime.
Öryggi í netverslun
31 Oct. 2023
How to guard against cybercrime
Cybercriminal activity is on the rise. We’ve compiled accessible information on how to recognise cyberfraud and private measures we can take to protect against it.
Netöryggi
13 Jan. 2023
Be careful of social media fraud - never forward codes received in text messages
We want to warn our customers against cybercrime activity, especially attempts perpetrated through social media and messaging apps, which have been rampant of late.
30 June 2021
Beware of internet fraud and false messages
The summer months usually see an increase in attempted internet fraud. Scammers may be hoping that people on vacation are more likely to thoughtlessly click on links or fail to read text messages or e-mails carefully before responding to them.