What's new

6.9.2021 15:31

Warning: do not go to an online bank through a search engine

Criminals are phishing your online bank user identifiers through search engines too. You are directed from search engine results to a scam website mimicking the genuine op.fi service.  When you go to the online bank, enter the address into the browser’s address bar by yourself or use OP's mobile apps.

Do not log into any online bank through a link in search engine results

Criminals have succeeded in getting scam websites mimicking the op.fi service to appear among the top search results for the purpose of phishing online bank user identifiers. User IDs and passwords entered into a scam website end up in the criminals’ possession and are used to attempt fraudulent payments.

When logging into the op.fi service, type the service’s address (op.fi) in full into the browser’s address bar by yourself or use a saved bookmark. If possible, use OP's mobile apps for your banking.

Never log into any online bank through a link in search engine results 

Always carefully check the website address in the browser’s address bar. Do not enter your identifiers into a site if you are not sure about its legitimacy. If you are uncertain about anything, always contact our Customer Service first. 
 
Also read carefully SMS confirmation requests sent to you and never confirm any transactions that you have not done yourself.
 
If you suspect that your user ID has fallen into the wrong hands, please do as follows: 
 
  • Immediately deactivate your online bank user identifiers by calling OP Customer Service at 0100 0500 (private customers) or 0100 05151 (corporate customers).   
  • Outside telephone service hours, deactivate your user ID by calling OP Deactivation Service at +358 100 0555 (24/7).   
  • Be sure to also call our Customer Service during service hours to report the incident. 

How to be certain that you are on the genuine OP website 

  • The bank will never send you a link to any website that would require you to log in with your online bank user identifiers or give your card details. Only criminals do so.  
  • If you are uncertain about the legitimacy of the message you have received, always contact your own bank first before doing anything else. 
  • Do not open the link or any attachments before checking with your own bank’s customer service.  
  • Never confirm payment transactions, or Mobile key activations, which you do not recognise.  
  • Check the browser’s address bar to make sure that you are at the right address, and that the address is protected.  
  • Click on the padlock icon in the address bar to view the website’s digital certificate. Check the following:  
    • The website's certificate has been issued to OP Financial Group (e.g. OP Osuuskunta)   
    • On the genuine OP website, the certificate states the address www.op.fi and in OP Identity Provider Service the address saml-idp.op.fi.  
    • The certificate is valid 
    • The issuer/publisher of the certificate is Symantec, Entrust or DigiCert   
Example of a scam website: