The bank's customers are currently being approached with phishing messages that aim to get the customer to contact the scammer themself.
In the phishing messages that are being sent:
- the customer may be advised to call the number indicated in the SMS in which case the call is answered by the scammer pretending to be the bank's contact person
- the customer is requested to reply to the message if they want to be contacted by the "bank's contact person" after which the scammer calls the customer.
An example of a phishing message in which the scammer poses as an OP contact person, trying to get the customer to reply to the SMS.
If you receive an SMS from the bank requesting the actions described above, do not react to the message.
If you receive a suspicious call during which you are requested to identify yourself by providing your online banking user identifiers and password, to download an app on your device or transfer funds to a "secure account", hang up and contact the bank immediately. It is essential that you tell us in detail about the call so that we can help with sorting out the matter as quickly as possible. Phishing messages that aim to get the customer to download malware on their device are also being sent currently.
Did you know that when you receive a call from the bank, you can ask for the call to be verified via OP-mobile or OP Business mobile? In this way, you can ensure that the caller indeed is an employee of the bank.
You'll find instructions on how to verify phone calls here
You can also verify the details of your contact person in the bank on your OP-mobile or the op.fi service and contact them using the contact information available there.
Note that the scammer may be in possession of some personal details or other information that they will use to try to make the contact appear more reliable.
Also other phishing messages that mimic the bank's messages are being sent currently. Carefully read any messages that you receive and contact your bank immediately if you suspect that your account access instruments have been jeopardised.
An example of a phishing message that mimic's the bank's further confirmation message, trying to get the customer to call the phone number given in the message.
If you suspect that you have been a victim of fraud
If you have called a number given in an SMS, received a suspicious call or downloaded software onto your phone, contact the bank immediately and do not use the phone to log into OP's digital services.
Deactivate your OP user ID by calling 0100 0500 (personal customers) or 0100 05151 (corporate customers). Our Customer Service is open on Mon–Fri, 8.00–16.00. Outside these times, call OP’s Deactivation Service on 0100 0555; this service is open 24/7. Be sure also to call Customer Service during service hours to report the incident.
More detailed instructions on what to do and contact details in case of fraud are available here
This is how our messages differ from scam messages
The bank or authorities never call and ask customers to give their online user identifiers, make payments or install an app on their phone.
We will never send you messages with a link to the online service’s login page. Nor will the bank ever ask you for your user identifiers or card details through messages. Such messages are scams – do not click on the links in the messages.
Even when receiving or cancelling a payment, you do not need to log in via a link, confirm with codes, or give your details. If you are asked to do this, call the bank's Customer Service phone number that you have verified yourself on the bank's website.