The messages may say that the customer’s account must be verified and that the customer has received a confidential email message. The link in the message may direct you to a phishing website resembling the op.fi service where you are asked to enter, for example, your online user ID and your password. The purpose of these messages may also be to phish for the online user IDs of other banks.
Never use a link received by email to log into an online bank
Never use a link received by email to log into an online bank. Never give or disclose your user ID, PIN code or key codes to anyone – even a bank or the authorities will never ask you for these by SMS, phone or email in connection with, say, verifying information. If you are uncertain about anything, always contact our Customer Service first.
What to do, if you suspect that you have fallen victim to a phishing email
If you suspect that your user ID has fallen into the wrong hands, please do as follows:
- Deactivate immediately your OP eServices user ID by calling our Telephone Service at 0100 0500.
- Outside the telephone service hours, deactivate your user ID by calling OP Deactivation Service at +358 100 0555 (24/7).
- Be sure to also call our Telephone Service during service hours to report the incident.
How to ensure that you are logged into op.fi
You can identify the legitimate op.fi service from, among others, the following:
- The website's certificate has been issued to OP Financial Group (e.g. OP Osuuskunta).
- The certificate contains OP’s domain name.
- The issuer/publisher of the certificate is Symantec, Entrust or DigiCert.
- The certificate is valid.
Example of a phishing email: