Ottawa woman warned BMO of suspected bank fraud, still lost $15K | Page 2 | BMO | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Ottawa woman warned BMO of suspected bank fraud, still lost $15K
March 30, 2024
11:16 am
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

Also most people's IP address stays static for a long time these days. But people use their phone and wifi too.
Anyway, the banks don't seem too worried about it.

Simplii said they cannot and will not turn off or limit Global Money transfer, even when you don't want it. So that is a potential 150K backdoor in your Simplii account if you get hacked. And once that Global transfer is sent, It's gone.
It's your fault if you get hacked by a keylogger trojan, according to them.

March 30, 2024
11:23 am
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

davidgeorge said
Claim of etransfer theft prompts class-action suit against BMO
https://www.newmarkettoday.ca/local-news/claim-of-etransfer-theft-prompts-class-action-suit-against-bmo-8454964  

This one looks like a keylogger got their bank and email passwords. Then the criminal logs in, gets the codes, and then deletes the emails.
What was the IP address of the person who did the e-transfer and received the email code? If it was their home or local IP address, could be a family member stole the money. Or a family member could also use a proxy to conceal that.
E-transfer goes to a Canadian bank, so who's account?
But if it was something else, then a hack. But the banks won't cover getting hacked.

March 30, 2024
11:32 am
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

https://www.orilliamatters.com/police-beat/dead-end-local-woman-loses-3000-in-e-transfer-fraud-8053334

Ah it says it was from her IP address. And the police know which bank account it went into.
This is different, either a family member or someone in her house could have done it. Doubt a criminal would do IP spoofing for 3K.
But who knows.

March 30, 2024
11:38 am
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

The Rock said
Banks almost always blame the client. Their favorite thing to do is to accuse the client of sharing their login credentials with someone else. They tend to only take responsibility if the client goes public with the fraud and shames the bank in the media.  

It's also true the client always 'claim' they have done nothing wrong and blame the bank. Of course one can't admit guilt and wants compensation at the same time....

March 30, 2024
12:25 pm
AltaRed
BC Interior
Member
Members
Forum Posts: 3143
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

InterestThis said
Its your fault if you get hacked by a keylogger trojan, according to them.  

Of course it is you fault if you get hacked by a keylogger trojan! Who else could possibly be at fault? One is supposed to not click on links one does not know/trust and one is supposed to have robust anti-malware software on their device. People generally know not to leave their front doors unlocked. This is no different.

March 30, 2024
2:12 pm
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

Except it's not that hard to get hacked, even for someone with a decent amount of computer skills. Thus we have the situation where people are getting robbed by professional criminals from their computer.

March 30, 2024
2:23 pm
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

InterestThis said
Except its not that hard to get hacked, even for someone with a decent amount of computer skills. Thus we have the situation where people are getting robbed by professional criminals from their computer.  

Even if that is the case, it still can not possibly be the bank's fault...

March 30, 2024
2:54 pm
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

I am not saying its only the bank's fault per se. But for credit cards, the companies do cover theft and fraud of this type.
Apparently BMO does not even have 2-factor verification with your cell phone for bank accounts. If that is the case, it is the banks fault, email verification is useless if you are hacked.
Looks like BMO Investors have some protection, according to their criteria.
https://www.bmo.com/self-directed/popups/online-security-guarantee

Most people do not realize that your bank account and debit card can be wide open for professional criminals, and you can get jacked. And its increasing.
Which is why I have locked down the relevant accounts to the max, and hopefully there will be more locked down accounts to protect your money.
Brinks trucks are armed tanks for a reason, to stop criminals.
All these people are finding out their bank account is basically wide open for theft.
And it is the banks fault there is not much higher security, but they know people will complain of the "hassle". People even complain when there is a weeks hold on 100K, when its for own their protection. Banks are negligent for sure, and so are many people.

March 30, 2024
3:02 pm
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

https://www.bmo.com/self-directed/popups/online-security-guarantee
Security Guarantee:
Subject to Sections 2 and 3 below, BMO InvestorLine will indemnify you for monetary losses resulting directly from any unauthorized transactions in your BMO InvestorLine account. This does not include any monetary losses resulting directly from any unauthorized transactions in your BMO Bank of Montreal bank account

Limitations:
BMO InvestorLine will not indemnify you and will refuse all requests for compensation pursuant to this security guarantee if we have reason to believe that:
...
you shared your BMO InvestorLine account number or password with any other person including, without limitation, an online account aggregation service provider, or were otherwise negligent or careless in keeping your BMO InvestorLine account number or password confidential;

March 30, 2024
3:49 pm
AltaRed
BC Interior
Member
Members
Forum Posts: 3143
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

InterestThis said
I am not saying its only the bank's fault per se. But for credit cards, the companies do cover theft and fraud of this type.  

No, they do not. They cover fraud and skimming at Point of Sale. They do not cover personal stupidity giving out a PIN to someone else or handing over a contactless RFID card to someone else. Take responsibility for things within your control.

March 30, 2024
4:56 pm
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

InterestThis said
I am not saying its only the bank's fault per se. But for credit cards, the companies do cover theft and fraud of this type.
Apparently BMO does not even have 2-factor verification with your cell phone for bank accounts. If that is the case, it is the banks fault, email verification is useless if you are hacked.
Looks like BMO Investors have some protection, according to their criteria.
https://www.bmo.com/self-directed/popups/online-security-guarantee

Most people do not realize that your bank account and debit card can be wide open for professional criminals, and you can get jacked. And its increasing.
Which is why I have locked down the relevant accounts to the max, and hopefully there will be more locked down accounts to protect your money.
Brinks trucks are armed tanks for a reason, to stop criminals.
All these people are finding out their bank account is basically wide open for theft.
And it is the banks fault there is not much higher security, but they know people will complain of the "hassle". People even complain when there is a weeks hold on 100K, when its for own their protection. Banks are negligent for sure, and so are many people.  

Are you sure BMO do not have MFA for bank accounts that can be either email or text msg ? I find that quite impossible to believe. But I never bank with them so don’t know.

March 30, 2024
5:00 pm
AltaRed
BC Interior
Member
Members
Forum Posts: 3143
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

Point #6 https://www.bmo.com/en-ca/main/personal/security-centre/security-tips/?icid=tl-bmo-ca-english-popup-en-link

Added: AFAIK, the 2FA authentication is not engaged for if one's device is the 'trusted device' and used from home IP address. That is common among many FIs. I suspect it also assumes one isn't deleting cookies on browser exit.

March 30, 2024
5:28 pm
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

AltaRed said
Point #6 https://www.bmo.com/en-ca/main/personal/security-centre/security-tips/?icid=tl-bmo-ca-english-popup-en-link

Added: AFAIK, the 2FA authentication is not engaged for if one's device is the 'trusted device' and used from home IP address. That is common among many FIs. I suspect it also assumes one isn't deleting cookies on browser exit.  

CIBC is similar. From my home IP, it rarely ask for 2FA even if I dont specific as trusted device. I never designate any device as trusted, whether its my home PC or ipad. On the phone, its a little meaningless, cuz 2FA gets sent to the phone anyway. So if the crooks have access to my phone, 2FA or not is irrelevant.

March 30, 2024
5:30 pm
AltaRed
BC Interior
Member
Members
Forum Posts: 3143
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

I never access FI logins from my phone. It feels like an oxymoron.

March 30, 2024
5:36 pm
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

AltaRed said
I never access FI logins from my phone. It feels like an oxymoron.  

well if ur home, use ur wifi is fine, no different than ur desktop.
If outside, just make sure u r using ur own data via carrier (LTE, 5G etc) and not some free wifi like Starbucks or McD. Also be careful at shopping malls, a lot of them ur phone will just autoconnect if you have used the mall wifi in the past.

March 30, 2024
7:32 pm
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

AltaRed said

No, they do not. They cover fraud and skimming at Point of Sale. They do not cover personal stupidity giving out a PIN to someone else or handing over a contactless RFID card to someone else. Take responsibility for things within your control.  

Who are you talking to? You apparently don't read and then just spout off something random? Credit cards cover fraud much more than a bank account.

March 30, 2024
9:40 pm
Lodown
Member
Members
Forum Posts: 250
Member Since:
January 10, 2017
sp_UserOfflineSmall Offline

InterestThis said

Simplii said they cannot and will not turn off or limit Global Money transfer, even when you don't want it. So that is a potential 150K backdoor in your Simplii account if you get hacked. And once that Global transfer is sent, It's gone.
It's your fault if you get hacked by a keylogger trojan, according to them.  

It is illegal for a bank to increase your credit card limit. A lower limit decreases your potential loss which protects the customer. Why is it not illegal for banks to allow Global Access on your account without the customer's approval?

March 30, 2024
9:48 pm
Lodown
Member
Members
Forum Posts: 250
Member Since:
January 10, 2017
sp_UserOfflineSmall Offline

savemoresaveoften said

well if ur home, use ur wifi is fine, no different than ur desktop.
If outside, just make sure u r using ur own data via carrier (LTE, 5G etc) and not some free wifi like Starbucks or McD. Also be careful at shopping malls, a lot of them ur phone will just autoconnect if you have used the mall wifi in the past.  

Your connection to your bank is end-to-end encrypted at McD, Starbucks or from the comfort of your home. The risk is a man in the middle attack which allows your login credentials to be stolen. Sorry to say, this type of attack can happen at your home as well by your hacker neighbors, someone outside close to your home sitting in a car. That is why 2FA is second level of defence....never give it out if someone calls you! Oh, and to avoid most man in the middle attacks, hard wire your computer to your router ...no wifi.

March 31, 2024
1:29 am
RetirEd
Member
Members
Forum Posts: 1170
Member Since:
November 18, 2017
sp_UserOfflineSmall Offline

Norman1: Most cable home internet uses a dedicated IP address, as many users want to run a local web server, especially small businesses. I use an ADSL service with dynamically allocated IP address - allowing me to renew myself for some sites with usage limits, and be less identifiable to snoopers. It also messes up geolocation by web sites, as they only see your ISP's IP block. (They usually think I live about75 km east of here.)

I can't name all the services offering a choice, as it may often differ depending on which local area of their network you are on.

Lodown:

It is illegal for a bank to increase your credit card limit. A lower limit decreases your potential loss which protects the customer. Why is it not illegal for banks to allow Global Access on your account without the customer's approval?

Is this a cross-Canada rule now? Back when I lived in Quebec, it was illegal to raise a client's credit limit without a request. When I moved to BC, my card kept increasing my limit (as high as $10K!) without my request or permission. I kept calling and asking for it to be reduced to where it was, and after about six years they honored my request to stop doing that. We're talking mid-'90s here.

A side effect was that it got really hard to increase my limit when I wanted to! I could easily obtain another card product from them, but increasing the limit on my main card was hell - in the end I sent them a redacted photocopy of a statement showing a large GIC and they relented.

I prevent use of contactless payment with my card (if stolen) by disabling the contactless on cards whose issuers permit that. Note that one usually has to check that it's still disabled when a card is replaced!

If they won't disable it or reduce its contactless limit to or $1, one can easily find and cut the antenna wire on the card. The chip contacts will still work. Either a very bright backlight or careful location of the wire at the card's right edge will allow you to use either a hole punch, razor blade or drill to sever it. Been doing this since the first contactless cards; never a problem. Private Message me if you need more info on how to do this.

RetirEd

March 31, 2024
3:53 am
BSGJ
Member
Members
Forum Posts: 22
Member Since:
December 16, 2012
sp_UserOfflineSmall Offline

InterestThis said

Who are you talking to? You apparently don't read and then just spout off something random? Credit cards cover fraud much more than a bank account.  

This is an excerpt from a brochure (Credit Cards: Understanding Your Rights and Your Responsibilities) found on FCAC website:

Visa, MasterCard and American Express have zero-liability policies, so that if your credit card is lost or
stolen, or if someone uses your credit card number to make transactions you didn’t authorize, you
can usually be reimbursed. FCAC monitors these commitments, so if you’re having difficulty, contact
FCAC and we will review the complaint.
The zero-liability policy applies to transactions made on the Internet, by phone or at retailers. However,
it may exclude transactions made using a PIN (personal identification number) – for example, a cash
advance made with your card at an automated banking machine. It may also exclude transactions made
with convenience cheques, or transactions made on corporate credit cards.
Contact your credit card issuer to find out its policy on unauthorized transactions and how you can
be protected. This type of policy is not usually listed in a credit card agreement, since it is a public
commitment and not a legal requirement."

In my 40 years of owing and using various credit cards, I have been fortunate to have never had to use the cash advance option and therefore don't want the potential exposure. Over the past week, I have spent countless hours calling each of my credit card companies asking for the "Cash Advance Limit" to be reduced to zero (0) or alternatively, turn off the cash advance option on the card. Every company understood my concern for reducing risk and exposure but only 1 company was willing to reduce it within minutes. It's been a fight with the remaining companies. My calls have been transferred to supervisors with no resolution and ultimately, formal complaints have been lodged with the Financial Institution's (FI's).

I feel compelled to include the information and my experience in this thread after reading about the inability for FI's to further secure Global Money Transfers for their customers.

If anyone has questions about my experience or would like to know more about the what I've learned about the potential fraudulent exposure to cash advance limits on your credit cards kindly reach out via a PM.

No permission to create posts

Please write your comments in the forum.