Tietoturvatiedote

18.11.2022 09:54

Warning: fraudsters are phishing for data in online marketplaces for second-hand goods

Criminals are phishing for customers’ payment card and online banking details in online marketplaces for second-hand goods.

We have received several reports of situations in which an OP customer is trying to sell second-hand goods and a fraudster sends the OP customer a link in an attempt to phish for payment details. 

If you are sent a request for your payment details by a buyer of second-hand goods, end the online sales negotiation immediately and contact the customer service of the marketplace you are using.

The following signs are typical of fraud, regardless of the marketplace in question:

  • The fraudster tries to move the sales negotiation away from the marketplace’s platform.
  • A fraudster posing as a buyer asks you for your card details or online banking identifiers, claiming that these are needed in order to receive the payment.
  • The buyer sends you a link, claiming that the link is needed to confirm the payment or purchase, for example.
  • The buyer offers a courier service for delivery of the product, perhaps asking for your contact details. After receiving your contact details, they send you a link to phish for your payment details.

Criminals may claim that, if you enter your payment card details and online banking identifiers on their website, payment will be transferred to your payment card when the purchase is completed. However, it is impossible to receive payments on a payment card: instead, the criminals will gain unlimited access to your online bank account and payment card. 

In addition, any link sent in an email message that asks you to confirm a purchase is a scam. 

If you suspect that your user ID has fallen into the wrong hands, deactivate your user ID by calling 0100 0500 (personal customers) or 0100 05151 (corporate customers). When our Customer Service is not available, please call the OP Deactivation Service at +3581000555. It is available 24/7. Be sure to also call our Customer Service during service hours to report the incident. 

Please remember these seven things when you do banking online

  1. Do not go to an online bank through a link sent to you or through a search engine. The message directing you to the login page is a scam. You may end up in a scam website through the search results of Google, Bing or another search engine too, so type the address on the browser’s address bar yourself. 
  2. Check the address. Always make sure that you are at www.op.fi. Do not enter your user identifiers into a site if you are not sure about its legitimacy.
  3. Keep your user identifiers to yourself. The bank will never ask you for your user ID over the phone or by SMS or email.
  4. Do not open email or SMS attachments sent in the bank’s name. Check with your bank’s customer service that the attachments are genuine. 
  5. If a person you don’t know asks you to install an app on your device, do not do so. Install the apps you need by yourself from your device’s app store. 
  6. Do not confirm transactions you aren’t certain you have made yourself. Always read the confirmation requests with due care – if there is anything that does not match, do not confirm anything. 
  7. Please ask if you are unsure about anything. If the contact or message is suspicious, please contact your own bank before doing anything else.