Phishing attempts targeting the online bank user identifiers of OP customers

Phishing email messages are asking for OP customers’ eServices user identifiers. The sender of the message may appear to be OP’s customer service. It is quite possible that the messages are not directed only at OP’s customers and are also being sent to phish the user identifiers of other banks’ customers.

The messages may refer to the EU General Data Protection Regulation and ask you to update your information. The link in the message may direct you to a phishing website that resembles OP eServices. The fraudster asks you to give, for example, your eServices user identifiers and your password.

If you suspect that your user identifiers have fallen into the hands of an unauthorised person, deactivate the identifiers immediately by calling OP telephone service at 0100 0500. Outside the telephone service hours, deactivate your user identifiers by calling the OP Deactivation Service number at +358 100 0555 (24/7). Be sure to also call OP telephone service during service hours to report the incident.

Never give or disclose your user identifiers, PIN or key codes to anyone. Neither a bank nor the authorities will ever ask you for these by SMS, phone or email in connection with, for example, information updates or legislative changes. If you are uncertain about something, always contact our customer service.

You can recognise the bank’s legitimate website by, for example, the following:

  • The website’s certificate has been issued to OP Financial Group (e.g. OP Osuuskunta).
  • The certificate contains OP’s domain name.
  • The issuer/publisher of the certificate is Symantec, Entrust or DigiCert.
  • The certificate is valid.
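
The four checks above can also be automated. The following is an added example, not OP's own code: it applies the checklist to a certificate in the dictionary format returned by Python's `ssl.getpeercert()`, which is only populated when the TLS library has already validated the chain. The host name `www.bank.example` is a placeholder because the advisory does not state the domain, and both sample certificates are constructed.

```python
import ssl

TRUSTED_ISSUERS = ("Symantec", "Entrust", "DigiCert")  # issuers named in the advisory
EXPECTED_ORG = "OP Osuuskunta"                         # organisation named in the advisory
EXPECTED_HOST = "www.bank.example"   # placeholder: the advisory does not state the domain

def _field(name, key):
    """First value of `key` in a getpeercert() subject/issuer structure."""
    return next((v for rdn in name for k, v in rdn if k == key), "")

def _covers(pattern, host):
    """Exact match, or one wildcard in the left-most label (*.bank.example)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_certificate(cert, host, now):
    """Return the checklist items that `cert` fails; an empty list means all pass."""
    failures = []
    if _field(cert.get("subject", ()), "organizationName") != EXPECTED_ORG:
        failures.append("issued to")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_covers(p, host) for p in sans):
        failures.append("domain name")
    issuer = _field(cert.get("issuer", ()), "organizationName").lower()
    if not any(ca.lower() in issuer for ca in TRUSTED_ISSUERS):
        failures.append("issuer")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        failures.append("validity")
    return failures

# Constructed sample data in ssl.getpeercert() format, not real certificates.
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
GENUINE = {
    "subject": ((("organizationName", "OP Osuuskunta"),), (("commonName", "www.bank.example"),)),
    "issuer": ((("organizationName", "DigiCert Inc"),),),
    "subjectAltName": (("DNS", "www.bank.example"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Dec 31 23:59:59 2024 GMT",
}
LOOKALIKE = {
    "subject": ((("commonName", "www.bank-update.example"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.bank-update.example"),),
    "notBefore": "May 20 00:00:00 2024 GMT", "notAfter": "Aug 18 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, check_certificate(cert, EXPECTED_HOST, NOW) or "all checks pass")
```

The constructed lookalike certificate is within its validity period, so it fails only the other three checks: a valid certificate on its own says nothing about who operates the site.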


Example of a phishing email: