Tietoturvatiedote

27.3.2023 14:30

Warning: criminals are using scam text messages to phish for your OP user IDs

Criminals are after your and other customers' user IDs. If you receive a message asking you to log in to OP's digital services via a link, it is a case of fraud. Don't click on the link or do anything that the message asks you to do.  Phishing messages may be in the same message chain as genuine messages from OP.

Cybercriminals are again sending SMSes in OP's name, claiming that suspicious activity or login attempts have been observed on the customer’s account. The customer is asked to check their account and confirm their identity via the link included in the message. The link will direct you to a website that looks like the op.fi service, but which is actually phishing for your online bank user identifiers and payment card details.  

Scam messages spreading right now:  

  • refer to suspicious login attempts or other activities 
  • state that a message has arrived 
  • ask the recipient to check their account and prevent it from being locked 
  • ask the recipient to confirm their identity  
  • include a link to a phishing website whose address resembles OP's address, but is spelled differently.  

Using stolen IDs, the criminals will attempt to make fraudulent payments and gain access to the victim’s Mobile key.

The scam messages may look like this:

Please note that phishing messages may be in the same message chain as genuine SMSes from OP. The address leading to the phishing page changes frequently.  

If you get such a message, do not click on the link in the message. Because cybercriminals often change the content of their scam messages, other kinds of scam messages may also be in circulation. 

If you suspect that your user ID has fallen into the wrong hands, deactivate your user ID by calling 0100 0500 (personal customers) or 0100 05151 (corporate customers). When our Customer Service is not available, please call the OP Deactivation Service at +358 100 0555. It is available 24/7. In addition, be sure to call our Customer Service during service hours to report the incident.  

This is how our messages differ from scam messages  

We never send you messages with a link to the bank’s login page. The bank will never ask you about your user ID or card details through messages. Such messages are scams – do not click on the links in the messages.  

Even when receiving or cancelling a payment, you do not need to log in via a link, confirm with codes, or give your details. If you are asked to do this, contact the bank's Customer Service.  

Please remember these seven things when banking online  

  1. Do not go to an online bank through a link you have received or a search engine. The message directing you to the login page is a scam. Search results in Google, Bing or another search engine may also direct you to a scam website. To avoid this, type the address into the browser’s address bar.  
  2. Check the address. Always make sure that you are at www.op.fi. Do not enter your identifiers into a site if you are not sure that it is genuine.  
  3. Keep your user ID and password to yourself. The bank will never ask you to provide your user ID over the phone or by SMS or email.  
  4. Do not open email or SMS attachments sent in the bank’s name. Contact your bank’s Customer Service to verify that the attachments are genuine.  
  5. If a person you don’t know asks you to install an application, do not install it. Install the software yourself through your device’s app store.  
  6. Do not confirm transactions if you are not certain that you made them yourself. Always read confirmation requests with due care – if there is anything that does not match, do not confirm anything.  
  7. Please ask in case of doubt. If a contact or message is suspicious or your online bank's login page is not working in the usual way (for example, login with Mobile key is not working), please contact your bank before doing anything else.