BMO Fraudulent Emails
A while ago I posted an article concerning a fraudulent email I received which was designed to acquire my bank account information. I put it up as a warning to others, just in case someone unknowingly decided to click the link and go through with it.
I recently received two fraudulent emails, both pretending to be from BMO. They stated that my account login was denied and that my account was suspended due to possible errors in my personal data during Online Security Enhancement.
Both emails have one common issue: they came to my sensei email account, which, as I mentioned before, has nothing to do with any of my bank accounts. This was the red flag for me when reading the emails.
For the first email, I found that the sender address was “accounts@bmo.com”; after searching, I found no such contact email on BMO’s website. Looks like BMO might have a security issue at hand. I’ve tried contacting BMO to address the issue. So far I haven’t heard anything back from them. I figure I’ll get a comment below or a ‘nice’ email from them regarding this when it is published.
As you can see in the email above, nothing in it stands out as a reason to believe it is not from BMO. In many cases, when someone reads that an attempt was made to access their account and that their bank needs verification that it was them, they may click the link and in turn possibly acquire a virus or give the sender a means of acquiring their bank account information.
The second email I received explained to me that my online banking account has been temporarily suspended and to activate my account I should sign in through the link provided.
The email address used to send this fraudulent email is “timbibletim@aol.com”, but it does ‘say’ it is from “BMO Bank of Montreal”, which could end up fooling some people if they do not examine the email properly.
Looking at the email above, you can see that there is no signature indicating where the email is coming from, just why your account is suspended and that you need to activate it through the link provided.
These fraudulent emails can fool anyone who does not look carefully at the information presented; whenever you receive an email claiming to be from your bank and requesting you sign in to your account through the link provided, call your bank FIRST to verify it.
Your bank will never ask you to sign into your online banking through a link provided; they will tell you to go to their website.
Keeping this in mind, be careful, because these types of emails can come at any time, and if you do not read them carefully, they may just get the best of you.

Comments (7)
Are you sure the email was addressed to “accounts@bmo.com”?
It is easy to make an email appear to have a phony return address, but in actuality have a completely different return address.
Fraudulent emails often use convoluted routing, or hide their actual from address in the header information. This can be obtained in Outlook Express by right clicking on the email, choosing properties, then details.
You can look in Gmail under ‘more options’ beside the time stamp in the email.
Most emails don’t hide a lot of information, but phishing emails of the type you mention almost always hide the real return address. After all, who is going to respond to a supposed bank email when the return is to “scumsucker862@yahoo.com”?
It can be somewhat difficult to pick out the real source of the email because of the number of computers emails pass through on their way from the source to the destination. Emails do not go, in most cases, from the source computer to the destination direct. They are handed off from one computer to another like a baton in a relay race. This is why emails are not secure and you should not send sensitive information. Each computer in the relay has the opportunity to intercept and read that email. Which is why the NSA loves email.
All that said, it is still possible in an organization as large as a big bank to allow for the possibility of someone hijacking a computer and setting up an email account to a real email address for that bank. Not that I have ever heard of it happening. My guess, if it did, we wouldn’t hear about it anyways, they would keep it quiet.
But no bank that I know of sends emails of that sort, or of any sort requesting information from a client. Don’t respond to any email from a bank requesting information. All major banks have an email address to report fraud. If you think the email is just a few minutes old then report it.
[Reply]
Hi Mike,
Positive it has the email account ‘accounts@bmo.com’. We just removed the sent email address (personal email account). We have contacted BMO several times now to inform them… but no response back.
The link inside the email (the first email) sends you to a malware site.
[Reply]
You can send an email with any address you like in the ‘from’ or ‘reply-to’ information. It’s not something most of us normally do, because our email application (or web app) fills in that address for us, but many applications are available that will allow you to send email ‘from’ any account you’d like.
What is not spoofable is the originating IP address (the bottom-most one in the email header). See Steve Gibson’s excellent discussion of the topic in episode 79 of the “Security Now” podcast:
http://www.grc.com/securitynow.htm#79
[Reply]
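The header checks described in the comments above, as an added example (not code from the post or its commenters): it compares the visible From domain with Reply-To and Return-Path and pulls the IP from the bottom-most Received line. The sample message, its placeholder hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not one of the emails in the post). IPs are from
# documentation ranges and every host name except bmo.com is a placeholder.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.44])
\tby mx.recipient.example; Mon, 18 Oct 2010 15:32:20 -0400
Received: from unknown (HELO bmo.com) ([203.0.113.9])
\tby relay.example.net; Mon, 18 Oct 2010 15:32:15 -0400
Return-Path: <bounce@mailer.example.org>
From: "BMO Bank of Montreal" <accounts@bmo.com>
Reply-To: someone@webmail.example
Subject: Your account has been suspended

Please sign in through the link provided.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def received_ips(msg):
    """Bracketed IPs from Received headers, earliest hop first."""
    # Each relay prepends its own line, so the bottom-most is the earliest.
    # Lines below the one your own provider added are upstream claims.
    ips = []
    for value in reversed(msg.get_all("Received", [])):
        found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        ips.append(found.group(1) if found else None)
    return ips

def triage(raw, bank_domain):
    """Check the visible From domain against the bank and other sender headers."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    findings = []
    if from_domain != bank_domain:
        findings.append("from-domain-is-not-bank")
    for name in ("Reply-To", "Return-Path"):
        other = domain_of(msg[name])
        if other and other != from_domain:
            findings.append(name.lower() + "-differs-from-from")
    ips = received_ips(msg)
    return {"from_domain": from_domain, "findings": findings,
            "earliest_hop_ip": ips[0] if ips else None}
```

A From address on the bank's real domain passes the first check, so the Reply-To and Return-Path comparisons are what flag the constructed sample.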
The exact same thing happened to me, but Hotmail sent the emails automatically to my junk folder. I received two, one from BMO and one from RBC, both of which I do NOT have accounts with.
1) From: BMO Customer Service (accounts@bmo.ca)
Sent: October 18, 2010 3:32:23 PM
To: ***********
Dear client,
Please review the latest changes affecting your account by logging in at (I removed address for security reasons)
Best regards,
2) From: security@ssl-rbcroyalbank.ca on behalf of security@ (ssl-rbcroyalbank.ca security@ssl-rbcroyalbank.ca)
Sent: October 12, 2010 3:40:02 PM
To: *********
Dear client,
Please review the latest changes affecting your account by logging in at (I removed address for security reasons)
Best regards,
Unlike the first comment I was contacted by accounts@bmo.ca not .com, which of course does not exist. I also love that they send their “best regards” just to make it seem even more Canadian. My father received an email from tdcanadatrust.ca stating something similar, their real website is at .com not .ca. So I would suggest for anyone if you get an email from your bank and it says .ca DO NOT trust it, also I’ve been banking online for a couple of years now and not once has my bank ever contacted me through email. When they have contacted me, they have done so via my home phone.
[Reply]
This isn’t exactly -new- news, but it serves well as a reminder to the consumer to be vigilant and, always, remain calm and sensible.
Attempts to fraudulently obtain sensitive user ID data, or ‘phishing’, are a very common occurrence for financial institutions (the Big Six, at any rate); of this, they make no secret. It’s important to remember, however, that fraudulent transactions which result from these activities are not the responsibility of the Financial Institution per se – it is incumbent upon the user, the client, to exercise the appropriate levels of caution and care when transacting their business through self-serve channels. Now, having said this, most Financial Institutions go to great lengths to raise the level of awareness of such activities with their clients, and inform them clearly of what the Institution will, and will not, do by e-mail. The best piece of advice I can give, having a great deal of bank-side exposure and experience with this particular topic, is:
Do -NOT- respond to any request, purporting to be from your bank, with information they, ostensibly, already have. Do not ‘confirm details’ through any link sent to /you/ directly. Any legitimate request for updated information (which do occur, from time to time) will direct you to the bank’s public website and ask you to log into your online banking facility as you normally would. In the most extreme instances, preventative restrictions placed by the bank will deny you access to your online banking facility and prompt you to contact them directly (via Branch office, or telephone).
-Under NO circumstances should you follow any hyperlink embedded in an e-mail purporting to be from your Financial Institution. This is, unequivocally, a consumer ‘best practice’.-
[Reply]
Follow-up:
@Soda:
For the sake of vigilance, it should be noted that RBC Royal Bank (RBC’s Canadian domestic banking arm) e-mail addresses do /not/ use the .CA TLD. All e-mail addresses belonging to that particular company terminate with @royalbank.com.
[Reply]
I received this one this morning Oct 4
You have exceeded the maximum number of allowed attempts to provide the correct sign-in credentials for this account.
For the protection of the account holder, online access is now locked. If you are the account holder, you will need to download the attached file and fill in the details requested in the secure account unlock form attached.
If you are not the account holder please delete this email.
Thank you.
Sincerely,
Member Service
http://www.bmo.com
——————————————————————————————————–
——————————————————————————————————–
Email Preferences
This is a service email from Bank of America. Please note that you may receive
service email in accordance with your BMO Financial Group service agreements, whether
or not you elect to receive promotional email.
——————————————————————————————————–
——————————————————————————————————–
Contact us about this email
Please do not reply to this email with sensitive information, such as an account number, PIN, password, or Online ID. The security and confidentiality of your personal information is important to us.
Privacy and Security
Keeping your financial information secure is one of our most important
responsibilities. For an explanation of how we manage customer information, please
read our Privacy Policy: http://www.bmo.com/home/about/banking/privacy-security/our-privacy-code
(C) 2011 BMO Financial Group | Making money make sense. All rights reserved.
[Reply]