Warning: numerous criminals are active in online second-hand marketplaces

In addition to the usual scammers, second-hand marketplaces are frequented by criminals who are after banking user IDs and payment card data. Lately, phishing has become increasingly common in marketplaces.

We have received numerous customer notifications about scammers phishing for payment details in marketplaces for second-hand goods. Phishing is carried out, for example, in the name of a courier service or by directing the seller through a link to a scam website.  

Among other things, criminals may try to convince sellers to provide their payment card details or banking user ID by leading them to believe they can receive payments on their card. In reality, payment cards can't be used to receive payments. Instead, providing such information enables criminals to use the card and account.  

If the buyer asks you to provide your payment details or to pay for expenses related to the delivery of goods or receipt of payment, end the conversation immediately. When selling second-hand goods, never disclose any payment details other than your account number. If you use MobilePay or a similar service, you can, of course, provide your phone number.  

If you suspect that your user ID has fallen into the wrong hands, deactivate your OP user ID by calling 0100 0500 (personal customers) or 0100 05151 (corporate customers). When our Telephone Service is unavailable, please call the OP Deactivation Service at +358 100 0555. It is available 24/7. Also remember to call our Telephone Service during service hours to report the incident.  

This is how our messages differ from scam messages 

We will never send you messages with a link to the online bank's login page. Your bank will never ask you about your user ID or card details through messages. Such messages are scams – do not click on the links in the messages. In addition, banks or authorities never call and ask customers to give their online user IDs or make payments.  

Even when receiving or cancelling a payment, you do not need to log in via a link, confirm with codes, or give your details. If you are asked to do this, contact the bank's Customer Service.  

Please remember these seven things when banking online

  1. Never log in to OP's digital services through a link you've received or through a search engine. The message directing you to the login page is a scam. You may end up at a scam website through search results on Google, Bing or another search engine too, so type the address on the browser’s address bar yourself.  
  2. Check the address. Always make sure that you are at www.op.fi. Do not enter your identifiers into a site if you are not sure that it is genuine.  
  3. Keep your user ID and password to yourself. The bank will never ask you to provide your user ID over the phone or by SMS or email.  
  4. Do not open email or SMS attachments sent in the bank’s name. Check with your bank’s customer service that the attachments are genuine.  
  5. If a person you don’t know asks you to install an application, do not do so. Install any software you need through your device’s app store.  
  6. Do not confirm transactions you are not certain you have made yourself. Always read the confirmation requests with due care – if there is anything that does not match, do not confirm anything.  
  7. Please ask if you are unsure about anything. If a contact or message is suspicious or your online bank's login page is not working in the usual way (for example, you are unable to log in with Mobile key), please contact your bank before doing anything else.