Phishing emails entitled "Important message in your online bank" are being sent in the name of OP. The phishing email refers to a message in the online bank which the person should read by clicking the link in the email. The message also says that the person's account has been frozen for security reasons because he/she hasn't logged out by using the Logout button. The message claims that the security freeze could be removed by following the link and then entering the person's user identifiers.
The phishing website first attempts to obtain not only online service user identifiers but also personal and address information. In the second stage, you are asked to download the image of your “key code card” on the site. If you have provided personal data on the phishing website, the fraudster may even call you and phish for key codes over the phone. You can recognise a call coming from OP Telephone Service from number 010 252 0500. Do not give any information to fraudsters!
You can spot the legitimate website of the bank from the following, for example:
- The address in your browser's address bar begins with https://
- The website’s certificate has been issued to OP Financial Group (e.g. OP Cooperative).
- The issuer/publisher of the certificate is Symantec
- The certificate is valid
Please note that OP never asks its customers to log into its online services via a link in an email or text message, or to email or text your personal user identifiers, credit card details or personal identity code. If you receive a phishing email message, do not reply to it or click on the link in it.
If you have already entered your online user identifiers on the phishing page, deactivate them immediately by calling 010 253 133 (weekdays from 9.00 am to 4.00 pm, local network charge/mobile charge). Outside the telephone service hours, deactivate your user identifiers by calling the Deactivation Service, tel. +358 20 333 (24/7). Also report the incident to OP telephone service when it is open again.
Example of phishing email:
Example of a phishing website:
Example of a phishing website: