Tietoturvatiedote

9.1.2023 15:50

Warning: criminals are using scam text messages to phish for your bank user identifiers

Criminals are after your and other customers' bank user identifiers. If you receive a message asking you to log in to OP's digital services via a link, it is a case of fraud. Don't click on the link or do anything that the message asks you to do.

Cybercriminals are sending SMSes in OP's name claiming that the customer's online use has been locked due to suspicious activity. In the scam messages, the customer is asked to reactivate banking access by clicking on the link sent in the message. The link will direct you to a website that appears like the op.fi service for the purpose of phishing for your online bank user identifiers and payment card details. 

Using stolen IDs, criminals will attempt to make fraudulent payments and access your Mobile key.    

Scam messages being circulated right now may 

  • claim that there is unusual activity in your account
  • claim that your online bank has been deactivated or frozen
  • include a link to a phishing website whose address resembles OP's real website, with only small differences in spelling.  

The scam messages may look like this:

If you get such a message, don't click on the link in the message. Because cybercriminals often change the appearance of their scam messages, other kinds of scam messages may be in circulation, too. In particular, the link to the phishing website often changes. Note that phishing messages may be in the same message chain with genuine text messages from OP.

If you suspect that your user ID has fallen into the wrong hands, deactivate your user ID by calling 0100 0500 (personal customers) or 0100 05151 (corporate customers). When our Customer Service is not available, please call the OP Deactivation Service at +3581000555. It is available 24/7. Be sure to also call our Customer Service during service hours to report the incident.    

This is how our messages differ from scam messages 

We never send you messages with a link to the bank’s login page. The bank will never ask you about your user ID or card details through messages. Such messages are scams and you should not click on the links in the messages.  

Not even for receiving or cancelling a payment, you don't need to log in via the link, confirm with codes or give your details. If you are asked to do this, contact the bank's Customer Service. 

Messages sent by fraudsters to your phone may end up in the same thread with real messages. The content of phishing messages may vary quickly.  

Please remember these seven things when banking online 

  1. Do not go to an online bank through the link you have received or a search engine. The message directing you to the login page is scam. You may end up in a scam website through Google, Bing or another search engine too, so type the address on the browser’s address bar.  
  2. Check the address. Always make sure that you are at www.op.fi. Do not enter your identifiers into a site if you are not sure about its legitimacy. 
  3. Keep your user ID and password to yourself. The bank will never ask you to provide your user ID over the phone or by SMS or email. 
  4. Do not open email or SMS attachments sent in the bank’s name. Verify that the attachments are genuine with your bank’s customer service.  
  5. If a person you don’t know asks you to install an application, do not do so. Install the software you need yourself through an app store of your device.  
  6. Do not confirm transactions you aren’t certain you have made yourself. Always read the confirmation requests with due care – if there is anything that does not match, do not confirm anything.  
  7. Please ask in case of doubt. If the contact or message is suspicious or your online bank's login page is not working as usual (for example, login with Mobile key is not working), please contact your bank before doing anything else.