Criminals are using fraudulent messages to phish for customers’ user IDs

Criminals are sending messages in the name of OP. The contents of the messages may change quickly, but they share a common feature: they invoke an urgent and important matter to persuade people to log into the online bank via a link sent in the message.

OP Financial Group never sends SMSes or email messages requesting customers to log in, via a link, using their online bank user identifiers.

Not even for receiving or cancelling a payment, you don’t need to log in via the link, confirm with codes or give your card data. If you are asked to act in this way, first contact the bank’s Customer Service.

Always type yourself the full address of the online bank in the address bar or use the OP's mobile apps for banking transactions. Do not go to the online bank via links or search engine results! If you are uncertain about anything, always contact our Customer Service before taking any other action.

Am I certainly on the genuine OP website?

  • Always make sure that you are at www.op.fi when you do banking transactions on the online bank or use the OP's mobile apps for transactions.
  • The scam websites collecting online banking user IDs for the purpose of fraud pose as the login page of the authentic online service, but you can recognise websites by checking the address.
  • If you are uncertain about the page or the legitimacy of the message you have received, always contact your own bank first before doing anything else.
  • To ensure the legitimacy of the website, additional information can be found in the Secure transactions.

This is what the address of OP’s website looks like:

 


 

Never

  • go to the online bank via the link you have received – please also note that the messages sent by scammers may on the phone end up in the bank’s previous thread of messages
  • give your user identifiers to anyone – a real authority or bank will never ask you for these by SMS, phone or email
  • download any software onto your device if you are asked to do so by someone whose message you did not expect
  • open any attachments before checking with your own bank’s Customer Service
  • confirm payment transactions unknown to you
  • confirm transactions that you have not yourself chosen to be confirmed – you may get a request for confirmation when your user identifiers are being used on the service

Always carefully read the requests for confirmation that the bank has sent to you. 

If you suspect that your user ID has fallen into the wrong hands, please do as follows: 

  • Immediately deactivate your OP eServices user ID by calling OP Customer Service at 0100 0500 (personal customers) eller 0100 05151 (corporate customers).
  • Outside telephone service hours, deactivate your user ID by calling OP Deactivation Service at +358 100 0555 (24/7).   
  • Be sure to also call our Customer Service during service hours to report the incident. 

 

Example of phishing: