Warning: criminals are using scam text messages to phish for your OP user ID for digital services

Criminals are after your and other customers’ user IDs. If you receive a message asking you to log into OP’s digital services via a link, it is a case of fraud. Don’t click on the link or do anything that the message asks you to do.

Cybercriminals are again sending out phishing messages in our name. The messages are mainly in Finnish and:

  • Claim that your use of digital services has been frozen
  • Refer to logging into the system for payment purposes
  • State that there has been unusual activity on your account.

The scam messages may look like this:

If you get such a message, don’t click on the link in the message. Because online criminals often change the contents of their fake messages, other types of phishing messages may be around, too.

If you suspect that your user ID has fallen into the wrong hands, deactivate your user ID by calling at 0100 0500 (personal customers) or 0100 05151 (corporate customers). When our Customer Service is not available, please call the OP Deactivation Service at +358 100 0555. It is available 24/7. Be sure to also call our Customer Service during service hours to report the incident.  

This is how our messages differ from phishing messages

We never send you messages with a link to the bank’s login page. The bank will never ask you about your user ID or card details through messages. Such messages are scams and you should not click on the links in the messages. 

Not even for receiving or cancelling a payment, you don’t need to log in via the link, confirm with codes or give your data. If you are asked to act in this way, contact the bank’s Customer Service.

Messages sent by the fraudsters may in your phone end up in the same thread with real messages. The content of phishing messages may vary quickly. 

Please remember these seven things when you do banking online

  1. Do not go to an online bank through the link you have received or a search engine. The message directing you to the login page is scam. You may end up in a scam website through Google, Bing or another search engine too, so type the address on the browser’s address bar. 
  2. Check the address. Always ensure that you are at www.op.fi. Do not enter your identifiers into a site if you are not sure about its legitimacy.
  3. Keep your user ID and password to yourself. The bank will never ask you to provide your user ID over the phone or by SMS or email.
  4. Do not open email or SMS attachments sent in the bank’s name. Verify that the attachments are genuine with your bank’s customer service. 
  5. If a person you don’t know asks you to install an application, do not do so. Install the software you need yourself through an app store of your device. 
  6. Do not confirm transactions you aren’t certain you have made yourself. Always read the confirmation requests with due care – if there is anything that does not match, do not confirm anything. 
  7. Please ask in the case of confusion. If the contact or message is suspicious, please contact your own bank before you do anything else.