Bank of Montreal customers who have received text or email BMO online notifications like the one below, which claim that they need to enable the multi-factor authentication feature due to a recent phishing attack, are asked not to click on the links or follow the instructions in the notifications. This is because the fake notifications are phishing scams being sent by cybercriminals to trick Bank of Montreal customers into clicking on the links in the same fake notifications, which go to a phishing website that steals online account credentials and personal information.
Once the cybercriminals have received their potential victims’ online account credentials, they will gain access to their accounts, steal their money and use their accounts fraudulently.
Sample of the "BMO Online Notification" Phishing Scam
Subject: BMO Online Notification
Dear Customer
We have introduce a muliti-factor authentication feature to our online banking to enhance our security due to the recent phishing attack targeting our online banking customer.
This feature will be effective from the 16th of November 2017 and every online banking customer has to enrol to obtain a Unique personal icon, which will be send to your mailing address in 5 business days.
Click Here to get started or visit your nearest branch for more information.
Regards
BMO Online Banking
Bank of Montreal users who have received messages asking them to click on a link or visit a website in order to update, re-confirm or verify their accounts, should always go directly to https://www.bmo.com/ and sign-in from there. Once the Bank of Montreal users have signed into their accounts, they will be notified of updates and other important changes, if there is any.
Going directly to Bank of Montreal’s website (www.bmo.com) will prevent users or customers from becoming victims of phishing scams that steal personal information or online account credentials.