• For Our Customers
  • Harris Customers
  • M&I Customers
• About BMO Harris
• Community Commitment
• FAQs

• Video

Don’t Take The Bait!

[Fish swimming across the screen towards a hook]

When it comes to today’s top fraudulent threats, phishing emails have moved up to third place behind credit and debt cards, and check fraud.

In fact, from April 2009 to Dec 2010 users reported a 22% increase in phishing attempts according to Industry Security Threat Reports for 2011.

So what exactly is phishing and how can you “catch it” when it lands in your inbox?

Phishing emails are created by criminals trying to steal personal or financial information about you. Once they have this information they can pretend to be you, and either steal your identity or your money… either way you’re left on the hook…
The easiest way for criminals to get someone to provide confidential information is to create a fake email that looks legitimate (banks are their favourite targets) and send it out to as many people as possible.
That's why you get emails from other banks that you don’t even deal with. The thing is these criminals only need a few people to “take the bait” to make it worth their while.

And how do they get your confidential information? Well by asking for it, of course! Phishing emails will either ask you to complete a form or ask you to click on a website and enter your confidential information there.

The problem is, just like fancy lures that sparkle and shine, these criminals are very good at creating fake sites that look exactly like the company they are trying to copy.

The good news is there are a number of telltale signs that you can look for to help you identify those phishy emails and keep you from becoming a victim of identity theft.

The first thing to look for is a generic greeting like “Dear Customer”. Since you are one of thousands, if not millions of people receiving this email, chances are it won't be personalized.

And it’s not unusual for the sender to indicate they are from the security, privacy, or fraud department at the bank. It makes it sound much more official that way doesn’t it?

Another more obvious characteristic of a phishing scam is the lack of professionalism in the email.

The brand images may be small, fuzzy, or off color; this is because the images are cut and paste from a company website.

Next look for signs of poor spelling and confusing grammar. Many phishing scams are created in foreign languages and then translated using an online program. Although the English is close, the translation from an online translator is never really quite right.

Phishing emails will often create a sense of urgency — the idea is to move you to act quickly before you even realize this is a scam.

Look for bold text or warnings of account suspension if you do not provide confidential information either immediately or within 24 or 48 hours.

Lastly, one of the best ways to check the legitimacy of a suspected phishing email is to verify the hyperlink provided in the email is sending you to a legitimate site.

By mousing over the “click here”/hyperlink text but not actually clicking on it, a small box will appear that reveals the true web address that you are being directed to.

In phishing emails, the web address is not the same as the one provided in the text of the email. Look for a strange number combination or a web address that is unrelated to the bank.

So now you know how to recognize a phishing email, there are few things you definitely should NOT do:
1. Don’t click on any links
2. Don’t provide any personal information
3. Don’t reply to the email or try to contact the senders
4. Don’t open any attachments
5. Don’t click on “unsubscribe” links

And two things you should do:
1. Report the phishing scam to us
2. Delete the email once you've forwarded it.

We need your help to identify these sites. If you receive an email and suspect it is a phishing attempt, please forward the original email to harris.phish@harrisbank.com.

We investigate each and every site you send to us and we shut them down to prevent other customers from being lured into providing their personal information and becoming a victim of identity theft or fraud.

As the popularity of banking using cell phones and mobile devices increases — so has variations on Phishing scams. In addition to email scams now there are Voice Mail or Vishing scams and SMS or text scams called SMiShing.

Both scams work on the same premise as the classic phishing scam; criminals pose as legitimate businesses in an attempt to steal your information. The difference is the medium they use.

Vishing is where criminals typically call you over the phone and identify themselves as bank personnel from customer support or even from the fraud department. SMiShing is based on text messages (SMS) where criminals send a text message to your phone posing as the bank.

The important thing to remember is our commitment to YOU. We will never ask you for confidential or account information using an unsolicited email, phone call, or text message. If you have been a victim of fraud, we will ask you to call or visit your local branch.

If you still feel uncomfortable about an email, phone call, or SMS message you received from the bank, you can call our Customer Contact Center using the number on the back of your debit or credit card. That way you can be sure you are speaking with a legitimate bank representative.

If you suspect that you’re in the midst of a phishing, vishing, or SMiShing scam, remember this: if it smells fishy, don't take the bait!