Active cyber crisis management safeguarded stakeholder trust 

In late August 2025, Finnish companies were targeted by an exceptionally severe SMS phishing campaign. Criminals exploited strong authentication and gained one-time access to companies’ financial management systems. The campaign also targeted Netvisor, one of Finland’s most widely used financial management services. Visma Solutions and Netprofile acted immediately to manage the situation, where the stakes included companies’ cash assets, trust in the industry and, more broadly, the security of digital Finland. 

When phishing targets financial management, the consequences can be immediate and severe 

The phishing messages were crafted in a highly deceptive way, appearing to come from authorities. Some recipients clicked the link and granted access to the Netvisor environment through strong authentication. 

As a result, criminals gained access to company accounts and were able to make transfers. Some companies suffered significant financial losses. The threat did not concern individual companies alone, but the entire financial management ecosystem. The situation required rapid, consistent and transparent action. 
 

Proactive communication and authority collaboration prevented escalation 

As concerned customers began reaching out, Netvisor activated its incident management process and implemented a pre-defined crisis management and communication plan. Cooperation with Netprofile and authorities was launched immediately. Connections were established with Finland’s National Cyber Security Centre, the police, and the National Emergency Supply Agency’s financial administration pool. 

From the outset, communication was based on an open and precise situational picture: the issue was not a vulnerability in the Netvisor service, but a method developed by criminals to exploit strong authentication via end users. This distinction proved critical in maintaining trust among both customers and the media. 

Netprofile supported Visma in building a strategic situational overview, aligning communications with authorities and proactively managing media relations. As media typically follow the lead of authorities, messaging was closely coordinated particularly with the Cyber Security Centre. 
 

Rapid technical measures and clear guidance limited further damage 

Customers were informed clearly and repeatedly across channels and guided to adopt technical measures to protect themselves against phishing. In parallel with communications, Netvisor’s product development team implemented additional security measures. Open information sharing also supported cybersecurity authorities in their work. 

Controlled crisis management preserved trust and reinforced responsibility 

The acute phase of the crisis was brought under control quickly. Further criminal activity was stopped, and many companies avoided significant financial losses thanks to rapid technical action and proactive communication. Netvisor maintained its reputation as a trusted financial management partner among key stakeholders. 

The case also triggered broader discussion on increasingly sophisticated forms of phishing. Open communication and close cooperation with authorities built trust and strengthened Netvisor’s position as a responsible actor. 

“The proactive communication strategy proposed by the agency prevented the situation from escalating. Successful crisis management is not accidental, but the result of preparedness, practice and cooperation.” 

 
Tiina Holm, SVP Communications and Sustainability, Visma Solutions