Malware is software that is downloaded on your computer for criminal purposes. Your computer may be infected by malware when you download files from the internet, open email attachments or follow links in social media, for example. Criminals can use malware to steal your online banking identifiers and key codes and carry out fraudulent transactions. Do not use banking services with a device that has been infected with malware. If you suspect that your device is infected with malware, have the device cleaned before using it.
Our customers sometimes receive fraudulent emails that can appear to be sent by the bank. Such phishing emails may ask the customer to update their information using a link included in the email, for example. Criminals use these emails in an attempt to obtain the customer’s username and password to online services. Keep in mind that the bank will never ask you to log in to online services using a link in an email message. Never open suspicious links.
If you receive a suspicious email
- do not open any links in the email
- save the message and send it as an email attachment to tietoturvailmoitukset(a)op.fi
- if you suspect that you have been the victim of phishing, deactivate your online services username and password immediately by calling our customer service or the deactivation service outside customer service opening hours.
SMS phishing or smishing
Customers can also face phishing attempts by SMS or text message. These messages typically ask that you update your information in the online service. The message will instruct you to open a link. The link opens a phishing website intended to steal your username and password and other personal information. The site may also ask for your bank card details. Keep in mind that your bank will never ask you to log in to online services using a link in an SMS message.
If you receive a suspicious SMS
- do not open any links in the message
- check the sender’s phone number
- take a screen capture of the message and email it to tietoturvailmoitukset(a)op.fi.
Voice phishing or vishing
Customers may also receive fraudulent phone calls, for example from a person claiming to be a police officer or a bank employee. In voice phishing, the caller typically tries to invoke a sense of urgency and may claim that the customer’s funds are in danger and that personal information is required to save them. The caller may also claim that a police officer or a representative from the bank will visit the customer to investigate the matter. If you receive this type of call, never reveal any personal information to the caller under any circumstances. Ask that the caller repeats his or her name. After this, end the call. If the caller claims to be from the police, report the call to the police. Keep in mind that no trustworthy party will ever ask for your online service identifiers, card information or any other personal banking details over the phone. Be sure to always report the call to the bank by calling our customer service or visiting our bank branch.
Criminals may attempt to exploit the identity of another person. Types of identity theft include placing orders, signing contracts and drawing credit using another person’s information. You can attempt to protect yourself against identity theft by placing a self-declared credit stoppage for a separate fee. Be sure to also store your personal ID documents in a secure place. If your ID is lost or stolen, remember to also notify the bank.
Sadly, there are many dishonest individuals preying on others in social media. One type of fraud are so-called romance scams. In these scams, the fraudster poses as someone else in order to form a confidential and romantic bond with the victim. These scams seek to gain financial benefit by asking the victim to transfer funds to the fraudster on the pretence of invented emergencies. Such fraudsters are highly skilled social manipulators and professional scammers. Victims of a romance scam should not feel embarrassment over the situation. Do not hesitate to contact the police and your bank if you suspect you have been victim of this type of scam. Victim Support Finland can also assist victims of a scam.
How to identify an online scammer
- an unfamiliar person unexpectedly contacts you on social media
- the friendship quickly turns to infatuation
- arranging a face-to-face meeting or video call proves difficult
- as the relationship develops, unexpected events emerge in which the new friend will ask for a loan
- the funds are asked to be sent to an account under an unfamiliar name.
The Internet is full of all sorts of offers for great investment opportunities. Often, these involve a cryptocurrency or stocks and mutual funds that offer a remarkably high return on investment. A relatively small sum is usually enough to get started, after which the customer is convinced to invest larger and larger sums. Unfortunately, not all companies offering investment services are trustworthy.
Keep in mind at least the following before investing
- how long has the company been in business and does it hold a licence?
- has the service provider contacted you outside office hours and displayed exceptionally high enthusiasm in selling its investment product?
- check that the company is not listed on the Financial Supervisory Authority warning list.
Advance-fee scams refer to Nigerian Prince scams and their variations, among others types of fraud. In a typical scam, the victim is contacted on social media or by email to tell that they have won or inherited large sums of money. In order to get the funds, the victim must may unexpected expenses, such as customs duties, air freight charges and legal fees.
How to avoid falling victim to advance-fee scams
- do not reply to emails that promise large winnings, inheritances or other rewards
- remember that no trustworthy party will give away money for free
- if you have not participated in a prize draw or lottery abroad, there is no way for you to have won
- never send your personal information to strangers, such as bank account numbers or a copy of your passport.
CEO fraud refers to scams in which the fraudster tricks a company’s employee to carry out a transaction by posing as a CEO or other person of authority. Typically, the payment request is sent by email from an address that has been forged to appear trustworthy. The messages are usually brief and attempt to invoke a sense of urgency for the recipient.
Fake or forged invoices
Fraudsters use emails and phishing websites to attempt to steal employees’ Office 365 usernames and passwords. After obtaining these, the fraudster logs into the employee’s email account to send more phishing messages and keep tabs on the employee’s email traffic. Fraudsters also exploit email forwarding rules in order to direct messages to another address.
The aim of the fraud is to access billing information, for example to forge the account number in order to divert the paid funds to the fraudster.
Safeguards against CEO fraud and data breaches
- you should instruct your employees about the organisation's billing practices and advise them to observe diligence when carrying out payments
- the sender’s address should be checked whenever receiving an email, no matter how familiar the sender appears
- if the message asks to open a link or attachment, there is cause to suspect the message’s credibility
- if the bank account number of a familiar invoice recipient changes, it is advisable that you confirm the change from the sender
- the use of two-factor authentication is advised.