Smishing in the Nordic countries

Key takeaways

• High smartphone penetration means the Nordics are susceptible to smishing
• Nordic cultural and technical factors are at play
• Trusted brands are used to recreate familiar, legitimate routines

Smishing has grown from a peripheral threat to a leading form of digital fraud in the Nordics. Between 2020 and 2025, its evolution has been driven by shifts in user behavior, rapid digitization of banking and services, and increasingly sophisticated tactics deployed by organized fraud networks. Telia Nordics reports that cyber attacks in the Nordics have increased by 466 percent between Q1 2023 and Q1 2024.

Smishing attacks exploit the intimate and direct communication factors of SMS. This makes it uniquely effective in the Nordic countries, where smartphone penetration exceeds 96 percent and mobile-first services dominate daily life.

High digital adoption

Nordic countries lead the world in smartphone usage, mobile banking, and digital ID systems. This creates many digital entry points and user routines that can be imitated.

Hybrid work and BYOD environments

Employees frequently use one mobile device for both private and business communication. This practice, commonly referred to as BYOD (Bring Your Own Device), allows personal smartphones to access corporate email, messaging platforms, and internal systems. A successful smishing attack targeting an employee can lead to lateral movement within corporate systems.

All generations are now vulnerable

Initially, older users were more often targeted, but this has changed. According to a Finnish survey by Nordstat, nearly 30 percent said they use digital services less, due to fear of fraud attempts.

Weak SMS security controls

Compared to email, SMS lacks modern security protocols like SPF, DKIM, or DMARC. This makes it more difficult to verify sender authenticity.

Mobile‑first behavior

A large percentage of the population has received legitimate digital messages from banks, tax agencies, and delivery companies. This normalizes SMS as a channel for interactions.

Language and localization

Smishing campaigns are increasingly customized in local languages, with correct spelling, professional tone, and regional references. These are often generated with the help of AI.

Trusted brands are impersonated

PostNord scams have appeared in all four countries where they provide postal services, often involving messages about failed deliveries or unpaid fees. In Finland, government agencies warned of scam messages sent in the name of Suomi.fi, a service register provided by the Finnish government to make it easier to conduct business with public authorities. In Denmark, recent campaigns mimicked public institutions and SMS providers after a breach in mid-2024 exposed 700,000 phone numbers and messages.

Regulations

Inconsistent regulations

Due to the lack of uniform SMS sender verification standards across Europe, cybercriminals are still able to exploit these vulnerabilities. In April 2025, the UK took a notable step by becoming the first European nation to prohibit SIM farms, as announced by the Home Office, aiming to disrupt smishing at scale. Although this initiative marks progress, a broader, EU-wide regulatory framework is needed to address the root causes of smishing and ensure a consistent level of protection for users across borders. Without coordinated action, attackers will continue to target countries with weaker enforcement.

Finally, Nordic organizations are especially attractive to organized cybercrime groups. In 2023, Swedish authorities estimated that digital fraud generated around SEK 6.3 billion for criminal gangs. Smishing and vishing accounted for more than SEK 425 million. According to Norwegian and Swedish police, cross-border fraud rings have increasingly targeted Norwegian citizens using Swedish infrastructure, exploiting jurisdictional boundaries and high trust in digital systems.

Taken together, these factors show why the Nordic region has become a prime target for smishing campaigns. High digital adoption, trusted institutions, and widespread mobile usage create an environment where attackers can easily mimic legitimate communication patterns and exploit familiar routines.

In the next article, we will explore the technical mechanisms behind smishing campaigns, including SMS spoofing, phishing websites, and the tools attackers use to distribute fraudulent messages at scale. If you want to explore the full research now, you can download the complete report here.

Download the full report →