Warning: Criminals are using scam text messages in OP's name to phish for your online banking user identifiers

Criminals are after your and other customers' user IDs. If you receive a message asking you to log into OP's digital services via a link, it is a case of fraud. Don't click on the link or do anything that the message asks you to do.

Cybercriminals are again sending SMSes in OP's name claiming that the customer's card has been locked due to suspicious activity. The customer is asked to reactivate the card by clicking on the link sent in the message. The link will direct you to a website that looks like the op.fi service for the purpose of phishing for your online bank user identifiers and payment card details.
 
The scam messages spreading right now: 
  • claim that your card has been frozen and urge you to reactivate it
  • include a link to a phishing website whose address resembles that of OP's real website, but with small differences in spelling. The criminals will try to phish your user ID and start using your Mobile key. 
The scam messages may look like this:
 
 

NOTE! You may see the phishing messages in the same thread as the real messages from OP.

The messages look identical but the web address leading to a phishing website changes frequently.
If you get such a message, don't click on the link in the message. Because cybercriminals often change the appearance of their scam messages, other kinds of scam messages may be in circulation, too.

If you suspect that your user ID has fallen into the wrong hands, deactivate your user ID by calling 0100 0500 (personal customers) or 0100 05151 (corporate customers). When our Customer Service is not available, please call the OP Deactivation Service at +358 100 0555. It is available 24/7. Also remember to call our Customer Service during service hours to report the incident. 

 

This is how our messages differ from scam messages

We never send you messages with a link to the online bank's login page. The bank will never ask you about your user ID or card details through messages. Such messages are scams and you should not click on the links in the messages. 

Not even for receiving or cancelling a payment, you don't need to log in via the link, confirm with codes or give your details. If you are asked to do this, contact the bank's Customer Service.

Messages sent by fraudsters to your phone may end up in the same thread with real messages. The content of phishing messages may vary quickly. 

Please remember these seven things when banking online

  1. Do not go to an online bank through a link sent to you or through a search engine. The message directing you to the login page is a scam. You may end up in a scam website through the search results of Google, Bing or another search engine too, so type the address on the browser's address bar yourself. 
  2. Check the address. Always make sure that you are at www.op.fi. Do not enter your user identifiers into a site if you are not sure about its legitimacy.
  3. Keep your user identifiers to yourself. The bank will never ask you for your user ID over the phone or by SMS or email.
  4. Do not open email or SMS attachments sent in the bank's name. Check with your bank's customer service that the attachments are genuine. 
  5. If a person you don't know asks you to install an app on your device, do not do so. Install the apps you need by yourself from your device's app store. 
  6. Do not confirm transactions you aren't certain you have made yourself. Always read the confirmation requests with due care – if there is anything that does not match, do not confirm anything. 
  7. Please ask if you are unsure about anything. If the contact or message is suspicious or your online bank's login page is not working as usual (for example, login with Mobile key is not working), please contact your bank before doing anything else.