Taking Action

What is a phishing attack?

A phishing attack is an attempt to steal personal information by imitating a legitimate organization. Fraudsters either manipulate you into downloading harmful malware and spyware onto your computer system or direct you to a phony website and convince you to enter your personal information. In both cases, this is often their first step in taking over your account.

Phishing is one of the most effective ways cybercriminals attack. Don’t reply or click any links in unsolicited or suspicious emails or texts.

Think you’ve been phished? Email us now.

Send the phishing email as an attachment to the email address below and delete it from your inbox.

phishing@bmo.com

BMO’s recommended steps to complete in order:

If you think you may have fallen victim to a phishing attack, complete the steps below in order. It’s important that you complete these steps prior to logging into your Online or Mobile Banking, and any family or friends who use your devices for banking should also complete these steps if they believe they might have been impacted.

1. Contact your financial institution if you believe you have been victimized by a phishing attack. If you bank with additional financial institutions, contact them too, even if your accounts with them have not been compromised.
2. Close your bank accounts and open new accounts, as well as change all access numbers on your credit products.
3. Contact the applicable Credit Bureau Agency (Equifax or TransUnion) to place a fraud warning. This will protect you in case a perpetrator decides to apply anywhere for a new product on your behalf.
4. If your electronic or mobile device/s were compromised, have them formatted, serviced, and scanned for malware by a professional, and change your login information.
5. Download IBM Trusteer Rapport and OnGuard software from BMO.com/security.
6. Change your passwords for all banking, social media and email sites you have accessed from your computer. You should also update the passwords on any websites with linked accounts, such as Amazon, Apple, or Google.
   • Set a different password for each of your online accounts. Never use birthdays, anniversaries, pet’s or children’s names, or common phrases like “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Your passwords should include upper and lowercase letters and special characters (numbers and symbols).
7. Once you have received your new card and it has been activated, update post-dated bill payments and pre-authorized transactions on the new card. Also update any linked accounts, such as Amazon, Apple, or Google.
8. Verify that the personal information on your online banking is correct, especially contact details. If you need to make changes, visit a branch, or call the Contact Centre.
9. If you notice any unusual charges or increased usage of your telecommunications accounts, contact your provider immediately. In some cases, the fraudster can switch your provider or order a new SIM.

For more information on how to prevent fraud in the future, visit our security centre and security tips on BMO.com/security.

What is identity theft?

Identity theft occurs when a criminal obtains your personal information and attempts to apply for new credit cards, loans, housing, and commit other crimes using your identity. As a victim of identity theft, your credit can be negatively impacted, you may be subject to unsolicited bill payments, and it can be extremely frustrating and complex to resolve. If you have been a victim of identity theft, complete the steps below.

BMO’s recommended steps to complete in order:

1. Contact the police and file a report in the community where the identify theft occurred.
2. Contact your financial institution. If you bank with multiple financial institutions, contact them too, even if those accounts have not been compromised.
3. Close and reopen your bank accounts and change all access numbers on your credit products. The easiest way to do this is by visiting your local branch. Don’t forget to bring in two pieces of government-issued photo ID. If your ID doesn’t have your address on it, bring a utility bill that lists both your name and home address.
4. Contact the Credit Bureau Agencies (Equifax and TransUnion) to report being a victim of identity theft so that each bureau can review recent inquiries, new trades opened, and any changes to personal information. This will protect you in case a perpetrator decides to apply for a new credit product on your behalf.
5. Review your credit report and look for any information that is inaccurate or incomplete.
6. Report identity theft and fraud by contacting the Canadian Anti-Fraud Centre.
7. Additional organizations to contact depending on the situation:
   • If you run a business, contact the Better Business Bureau.
   • If you run a charity, contact the Canada Revenue Agency Charities Directorate.
8. Download IBM Trusteer Rapport and OnGuard software from BMO.com/security
9. Change your passwords for all banking, social media, and email sites you have accessed from your computer. You should also update the passwords on any websites with linked accounts, such as Amazon, Apple, or Google.
   • Set a different password for each of your online accounts. Never use birthdays, anniversaries, names of your children or pets, or common phrases such as “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Your passwords should include upper and lowercase letters and special characters (numbers and symbols).
10. Verify that the personal information on your online banking profile is correct, especially your contact details. If you need to make changes, visit a branch, or call the Contact Centre. Continue to monitor your personal accounts for any suspicious transactions. Contact any other credit companies if you notice unusual transactions.
11. If you notice any unusual charges or increased usage of your telecommunications accounts, contact your provider immediately. In some cases, the fraudster may have ordered a new SIM card to facilitate the account takeover in the first place.
12. Report any issues with your mail and confirm your address: 
    • If you receive statements for accounts you didn’t open, contact the creditor.
    • If you don’t receive statements for your usual accounts, contact the bank or other company.
    • If you don’t receive regular mail, contact your local post office.
13. Check that your government ID has not been compromised:
    • Contact Service Canada at 1-800-206-7218 to confirm if someone has used your SIN to apply for a job.
    • Contact your provincial department of motor vehicles to confirm if your name has been used to obtain a driver’s license or ID, or if someone has reported your ID lost or stolen.
      

For more information on how to prevent fraud in the future, visit our security centre and security tips on BMO.com/security.

What is account takeover?

Account takeover fraud occurs when a criminal gains access to your banking profile to either commit theft of your personal information or execute unauthorized transactions. Noticed unfamiliar activity on your account? We can help.

BMO’s recommended steps to complete in order:

1. Contact your financial institution. If you bank with multiple financial institutions, contact them too, even if those accounts have not been compromised. Your financial institution will add an alert to your customer profile indicating that you have been a victim of an account takeover.
2. Close and reopen your bank accounts and change all access numbers on your credit products. You may also add a verbal password to your profile as additional protection. The easiest way to do this is by visiting your local branch. Don’t forget to bring in two pieces of government-issued photo ID. If your ID doesn’t have your address on it, bring a utility bill with both your name and home address.
3. Contact the applicable Credit Bureau Agency (Equifax or TransUnion) to place a fraud warning. This will protect you in case a perpetrator decides to apply for a new credit product on your behalf.

4. If you have been a victim of a digital account takeover, complete the steps below:

   a) If your electronic or mobile device(s) were compromised, have them formatted, serviced, and scanned for malware by a professional, and change your login information.

   b) Download IBM Trusteer Rapport and OnGuard software from BMO.com/security.

   c) Change your passwords for all banking, social media, and email sites you have accessed from your computer. You should also update the passwords on any websites with linked accounts, such as Amazon, Apple, or Google.

   • Set a different password for each of your online accounts. Never use birthdays, anniversaries, pet’s or children’s names, or common phrases like “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Your passwords should include upper and lowercase letters and special characters (numbers and symbols).
5. Once you have received and activated your new card, update any pre-authorized transactions with the new card details. Also update any linked accounts, such as Amazon, Apple, or Google.
6. Verify that the personal information on your online banking is correct, especially contact details. If you need to make changes, visit a branch, or call the Contact Centre.
7. If you notice any unusual charges or increased usage of your telecommunications accounts, contact your provider immediately. In some cases, the fraudster may have ordered a new SIM card to facilitate the account takeover in the first place.

For more information on how to prevent fraud in the future, visit BMO.com/security.