The OP Financial Group of Finland was hit by a phishing scam

The OP Financial Group of Finland reported a cyberattack on its Osuuspankki website on Sunday. The OP Financial Group is one of the major financial organization in Finland, with 180 cooperative banks and 2 million customers. The organization provides commercial, insurance, and retail banking services in Finland.

OP’s customers started receiving phishing messages from a unknown sender. OP has requested its customers not to react to such messages with a link as it is a fraud.

The messages could be in a alarming tone but do not panic. These are message contents that is seen so far in this phishing attack,

• Payment made from your user account to another.
• Payment being made to a private person
• Security messages, asking users to activate a mobile service.

All these above messages comes with a link, creating urgency and fear to react.

Teemu Ylhäisi, Chief Information Security Officer of the OP Financial Group and stated that the cause of this technical disruption was investigated, and their service was shifted to a maintenance state for further scrutinization. This below is image is an example of the phishing scam,

OP Financial Group and its banking services were stored shortly

In the afternoon, OP Financial Group’s social media team mentioned that the attack has been averted and the services are now stored back to normal. As of now, the complete details of the attack, the procedure and exploitation methods are yet to be identified. The disruption in their services lasted for around 6: 30 mins staring from morning 6:00 am to 12:30 pm on Sunday. The below image is an example of the phishing email,

OP Financial Group recommends six steps to ensure safe and secured banking

Here are some best practices to achieve vigilant online banking routine,

• Do not click links sent over email or messages without verifying the sender, message and intent.
• Always try navigating to a banking website via proper domain address and using a search engine, never click a shortened or normal url that urges you to do so without proper explanation.
• Never share your banking credentials with anyone via phone, sms or email.
• Unknown software installation request from senders that is related to banking could be a scam and don’t fall for it.
• Transcations alarms could be tempting to click but always double check your account and its transactions via net or mobile banking before falling for the phishing message.
• If you aren’t able to figure out if the message is a scam or legitimate one, always contact the customer support of the banks before reacting to the one you had received.

A phishing attack is always the first step for threat actors to breach a network, the worse could be still in their plans for OP Financial Group. However, it is good that the banking services were stored shortly and OP Financial Group was able to react to the phishing scam as early as possible.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.