There are phishing emails circulating in the name of OP with which fraudsters attempt to phish customers’ online bank user identifiers and contact information. The address resembling OP's email address is shown as the message sender and customer service as the signee. Phishing email messages may refer to a system update in the online bank, requesting people to update the online bank by clicking on a link in the message. The link directs to the phishing website that resembles OP's website.
If you have given your personal data, such as a phone number, on the phishing website, the fraudster may impersonate the bank's representative and call from a number that has been falsified to look like the phone number of OP's customer service. The phone call may also come from a number that resembles the phone number of OP's customer service. Do not give any information to fraudsters!
Fraudsters may also phish usernames and passwords over the phone, pretending to work for OP. You know you are being approached by a fraudster if you are asked to tell your username, password or key codes. Banks never ask their customers to give these details.
You can spot the legitimate website of the bank from the following, for example:
- The website’s certificate has been issued to OP Financial Group (e.g. OP Cooperative).
- The issuer/publisher of the certificate is Symantec, Entrust or DigiCert
- The certificate is valid
Please note that OP never asks its customers to log into its online services via a link in an email or text message, or to email or text your personal user identifiers, credit card details or personal identity code. If you receive a phishing email message, do not reply to it or click on the link in it.
If you have already entered your online user identifiers on the phishing page or by phone, deactivate them immediately by calling 0100 0500 (weekdays from 8.00 am to 10.00 pm, Saturdays 10.00 am to 4.00 pm, local network charge/mobile charge). Outside the telephone service hours, deactivate your user identifiers by calling the Deactivation Service, tel. +358 20 333 (24/7). Also report the incident to OP telephone service when it is open again.
Example of phishing email:
Example of a phishing website:
