Phishing emails delivered in OP Financial Group's name

OP’s customers have recently been sent phishing email in OP Financial Group’s name. It is quite possible that fraudsters try to also phish the online bank user identifiers of other banks.

The messages may claim that the customer would have entered the online bank’s password incorrectly or that the customer’s account would have been frozen, and request restoring the access rights or activating the account by clicking on the link. The link in the message may direct you to a phishing website that resembles OP eServices. The fraudster requests you to give, for example, your eServices user identifiers and your password.

Never give your user identifiers or passwords to anyone

Never give or disclose your user identifiers, PIN or key codes to anyone – even a bank or the authorities will never ask you for these by SMS, phone or email in connection with, say, information updates or legislative amendments. If you are uncertain about something, always contact our customer service.

What to do, if you suspect that you have been the victim of a phishing email

If you suspect that your user identifiers have fallen into unauthorised hands, please do the following:

  • Deactivate immediately your online bank user identifiers by calling OP Customer Service at 0100 0500.
  • Outside the telephone service hours, deactivate your user identifiers by calling OP Deactivation Service at +358 100 0555 (24/7).
  • Be sure to also call OP Customer Service during service hours to report the incident.

This is how you can ensure that you are at

You can spot the legitimate service from, say, the following:

  • The website’s certificate has been issued to OP Financial Group (e.g. OP Osuuskunta).
  • The certificate contains OP’s domain name
  • The issuer/publisher of the certificate is Symantec, Entrust or DigiCert
  • The certificate is valid

Example of a phishing email:

Example of a phishing website: