OP customers’ online bank user identifiers and contact information are being requested on phishing email messages. The sender of the message may look something like OP’s customer service. It is quite possible that the message is not directed only to OP’s customers but the message can be sent to phish the identifiers of other banks too.
The messages may refer to the Payment Services Directive and ask you to perform a fictitious update. The link in the message may direct you to a phishing website that resembles OP eServices. The fraudster requests you to give, for example, your online user identifiers and contact information or a photo of your key code list.
If you have given or suspect that you have given you OP eServices user ID on the phishing website, please act as follows:
If you have given your personal data, such as a phone number, on the phishing website, the fraudster may impersonate the bank's representative and call from a number that has been falsified to look like the phone number of OP's customer service. The phone call may also come from a number that resembles the phone number of OP's customer service.
Never give or disclose your user IDs, PIN or key codes to anyone – even a bank or the authorities will never ask you for these by SMS, phone or email in connection with, say, information updates or legislative changes. If you are uncertain about something, always contact our customer service.
You can spot the legitimate website of the bank from, say, the following:
- The website's certificate has been issued to OP Financial Group (e.g. OP Osuuskunta).
- The certificate contains OP’s domain name
- The issuer/publisher of the certificate is Symantec, Entrust or DigiCert
- The certificate is valid