Navigation skipped

Taking Action

Do you think you might have fallen victim to a cybercriminal or fraudster?
Report unusual activity right away
Next, ensure that that your accounts and information are protected.
Use the checklists below to see the steps you need to take after you’ve been a victim of fraud or a scam.

Checklists for increased protection

Find out what to do after you’ve been a victim of the following:

What is a phishing attack?

A phishing attack is an attempt to steal personal information by imitating a legitimate organization. Fraudsters either manipulate you into downloading harmful malware and spyware onto your computer system or direct you to a phony website and convince you to enter your personal information. In both cases, this is often their first step in taking over your account.

Phishing is one of the most effective ways cybercriminals attack. Don’t reply or click any links in unsolicited or suspicious emails or texts.

Think you’ve been phished? Email us now.

Send the phishing email as an attachment to the email address below and delete it from your inbox.
phishing@bmo.com

BMO’s recommended steps to complete in order:

If you think you may have fallen victim to a phishing attack, complete the steps below in order. It’s important that you complete these steps prior to logging into your Online or Mobile Banking, and any family or friends who use your devices for banking should also complete these steps if they believe they might have been impacted.

  1. Contact your financial institution if you believe you have been victimized by a phishing attack. If you bank with additional financial institutions, contact them too, even if your accounts with them have not been compromised.
  2. Close your bank accounts and open new accounts, as well as change all access numbers on your credit products.
  3. Contact the applicable Credit Bureau Agency (Equifax, Experian or TransUnion) to place a fraud warning. This will protect you in case a perpetrator decides to apply anywhere for a new product on your behalf.
  4. If your electronic or mobile device/s were compromised, have them formatted, serviced and scanned for malware by a professional, and change your login information.
  5. Download IBM Trusteer Rapport from BMO.com/us/security.
  6. Change your passwords for all banking, social media and email sites you have accessed from your computer. You should also update the passwords on any websites with linked accounts, such as Amazon, Apple, or Google.
    • Set a different password for each of your online accounts. Never use birthdays, anniversaries, pet’s or children’s names, or common phrases like “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Your passwords should include upper and lowercase letters and special characters (numbers and symbols).
  7. Once you have received your new card and it has been activated, update post-dated bill payments and pre-authorized transactions on the new card. Also update any linked accounts, such as Amazon, Apple, or Google.
  8. Verify that the personal information on your online banking is correct, especially contact details. If you need to make changes, visit a branch, or call the Contact Center.
  9. If you notice any unusual charges or increased usage of your telecommunications accounts, contact your provider immediately. In some cases, the fraudster can switch your provider or order a new SIM.
For more information on how to prevent fraud in the future, visit our security center and security tips on BMO.com/us/security.

What is identity theft?

Identity theft occurs when a criminal obtains your personal information and attempts to apply for new credit cards, loans, housing, and commit other crimes using your identity. As a victim of identity theft, your credit can be negatively impacted, you may be subject to unsolicited bill payments, and it can be extremely frustrating and complex to resolve. If you have been a victim of identity theft, complete the steps below.

BMO’s recommended steps to complete in order:

  1. Contact the police and file a report in the community where the identify theft occurred.
  2. Contact your financial institution. If you bank with multiple financial institutions, contact them too, even if those accounts have not been compromised.
  3. Close and reopen your bank accounts and change all access numbers on your credit products. The easiest way to do this is by visiting your local branch. Don’t forget to bring in two pieces of government-issued photo ID. If your ID doesn’t have your address on it, bring a utility bill that lists both your name and home address.
  4. Contact the Credit Bureau Agencies (Equifax, Experian or TransUnion) to report being a victim of identity theft so that each bureau can review recent inquiries, new trades opened, and any changes to personal information. This will protect you in case a perpetrator decides to apply for a new credit product on your behalf.
  5. Review your credit report and look for any information that is inaccurate or incomplete.
  6. Report identity theft and fraud by contacting the Federal Trade Commission online at www.identitytheft.gov. The FTC will collect the details of your situation.
  7. Additional organizations to contact depending on the situation:
  8. Download IBM Trusteer Rapport from BMO.com/us/security.
  9. Change your passwords for all banking, social media, and email sites you have accessed from your computer. You should also update the passwords on any websites with linked accounts, such as Amazon, Apple, or Google.
    • Set a different password for each of your online accounts. Never use birthdays, anniversaries, names of your children or pets, or common phrases such as “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Your passwords should include upper and lowercase letters and special characters (numbers and symbols).
  10. Verify that the personal information on your online banking profile is correct, especially your contact details. If you need to make changes, visit a branch, or call the Contact Center. Continue to monitor your personal accounts for any suspicious transactions. Contact any other credit companies if you notice unusual transactions.
  11. If you notice any unusual charges or increased usage of your telecommunications accounts, contact your provider immediately. In some cases, the fraudster may have ordered a new SIM card to facilitate the account takeover in the first place.
  12. Report any issues with your mail and confirm your address:
    • If you receive statements for accounts you didn’t open, contact the creditor
    • If you don’t receive statements for your usual accounts, contact the bank or other company.
    • If you don’t receive regular mail, contact your local post office

For more information on how to prevent fraud in the future, visit our security center and security tips on BMO.com/us/security.

What is account takeover?

Account takeover fraud occurs when a criminal gains access to your banking profile to either commit theft of your personal information or execute unauthorized transactions. Noticed unfamiliar activity on your account? We can help.

BMO’s recommended steps to complete in order:

  1. Contact your financial institution. If you bank with multiple financial institutions, contact them too, even if those accounts have not been compromised. Your financial institution will add an alert to your customer profile indicating that you have been a victim of an account takeover.
  2. Close and reopen your bank accounts and change all access numbers on your credit products. You may also add a verbal password to your profile as additional protection. The easiest way to do this is by visiting your local branch. Don’t forget to bring in two pieces of government-issued photo ID. If your ID doesn’t have your address on it, bring a utility bill with both your name and home address.
  3. Contact the applicable Credit Bureau Agency (Equifax, Experian or TransUnion) to place a fraud warning. This will protect you in case a perpetrator decides to apply for a new credit product on your behalf.

  4. If you have been a victim of a digital account takeover, complete the steps below:

    a) If your electronic or mobile device(s) were compromised, have them formatted, serviced and scanned for malware by a professional, and change your login information.

    b) Download IBM Trusteer Rapport from BMO.com/us/security

    c) Change your passwords for all banking, social media, and email sites you have accessed from your computer. You should also update the passwords on any websites with linked accounts, such as Amazon, Apple, or Google.

    • Set a different password for each of your online accounts. Never use birthdays, anniversaries, pet’s or children’s names, or common phrases like “password” or 123456. Instead, use complex phrases that are at least 8 characters long. Your passwords should include upper and lowercase letters and special characters (numbers and symbols).
  5. Once you have received and activated your new card, update any pre-authorized transactions with the new card details. Also update any linked accounts, such as Amazon, Apple, or Google.
  6. Verify that the personal information on your online banking is correct, especially contact details. If you need to make changes, visit a branch, or call the Contact Center.
  7. If you notice any unusual charges or increased usage of your telecommunications accounts, contact your provider immediately. In some cases, the fraudster may have ordered a new SIM card to facilitate the account takeover in the first place.

For more information on how to prevent fraud in the future, visit BMO.com/us/security.

BMO Digital Banking and Bill Pay Service Guarantees

We’ll reimburse you for any losses to your personal banking accounts from unauthorized transactions through BMO Digital Banking. As well, if we fail to process a properly scheduled bill payment in BMO Digital Banking in accordance with your instructions, we’ll reimburse any late charges assessed by the biller.

To ensure reimbursement, you'll need to take a few steps to protect your account information, as outlined in our BMO Digital Banking Agreement.