Personal Finance

Online banking fraud victim - help needed!

  • Last Updated:
  • Jan 22nd, 2018 10:59 pm
Sr. Member
Oct 22, 2015
920 posts
234 upvotes
mkl38s wrote:
Nov 9th, 2017 9:11 am
I remember someone mentioned a while back why BMO only allows 6 digits as the password. I don't remember password reset requirement, probably some security questions/answers which sometime, they can guess them from your social media accounts. I have or had accounts with all of them except scotia and this is what I found
- TD, RBC, NBC, EQB, ZAG - they all allow password with even special characters
- CM, Simplii/PCF - allow letters, but limit to 12 characters max and no special characters
- BMO/Tangerine - digits only and limit to 6

I closed my BMO a while back and setup security questions with my Tangerine account. I also only have savings and linked with my other banks. So if they get into my Tangerine, they must setup new link (remove old one) which I will be notified. Else they will just be moving my money for me to other banks which I will also be notified
BMO actually allows 6 alphanumeric characters.
Deal Addict
User avatar
Jan 11, 2004
4771 posts
379 upvotes
Victoria
Dave98 wrote:
Nov 9th, 2017 9:21 am
Agreed. Security questions are one of the worst things they have come up with. I'm sure it has actually made things even less secure.
Which is why it's a good idea to not use them. I just use random gibberish for mine. It means to reset a password I need to phone in or visit a branch but I don't care. For example what is your favourite color? fasduhfn23ty74qhweufjksdahfjasdhjk hsdaf dsfsdafhjasdkh fdsja . Have fun hakzorzs
Sr. Member
User avatar
Jul 25, 2008
731 posts
55 upvotes
Ottawa
I read somewhere Banks are writing off something like 40 millions a month due to fraud. Just one bank . But they save in having branches.

I locked out my accounts from pcomputer access.,. Only cheaques, bank tellers and branch atm...ebanking only by phone and cheaques with added security password. Not your birthday, address type of stupid verifications.

E interac with email is a prime tool for loosing your savings. In my opinion. Yet banks are promoting this feature.
Deal Expert
User avatar
Jan 27, 2004
38887 posts
3348 upvotes
T.O. Lotto Captain
Self serve online banking reset requires the following.

Its the "forgot my password" function.

It requires the email you have on file with bmo.
It also requires that you know the 3 security questions.
People always choose security questions they can easily remember. "Whats your City was your mother born?""


I imagine that someone hacked your email. Then they combed through emails you had to figure out your personal info. Maybe stalked your facebook and social media.

Anyone ever try the forgot my password function onn knline banking?

Its tough enough to keep people out. But if someone did enough stalking and email hacking they could get in.
Sr. Member
Mar 23, 2016
821 posts
222 upvotes
miyoshidoll wrote:
Nov 9th, 2017 6:28 am
Holly crap ! Mine is BMO too !

You know what's funny ? BMO used to have a security question which you had to answer before you entered your PIN to access the account . Now they got rid of that, so its easier to hack.

Now on www.bmo.com , you just enter your 16 digit Debit card number ( not hard to get from somewhere ) and then your 6 digit numeric PIN ( Its not even an alphanumeric PIN, they don't allow that ) , so only a 6 digit numbers PIN, that's it and your are in !

First after you entered the 16 digit debit card number, they would ask the answer to a security question and then the 6 digit PIN. But they got rid of the security question for some reason !

You could have any 3 security questions you wanted like - Who is your favourite athelete ? What was your first pets name ? Where did you meet your spouse ? etc etc.

I don't know why banks don't allow alphanumeric passwords and PINS like email does say something like *@1AY!

Just a numeric PIN is silly like 597436 or something like that.

16 digit debit number ( easy to get of the debit card ) and 6 digit numeric PIN and anyone is into your BMO account online ! No security questions, no alphanumeric PIN, no 2 STEP authentication , nothing ! No wonder someone hacked your BMO account.
BMO sounds completely incompetent -all banks are moving to enhanced security and they are reducing it? I've never actually heard of any financial institution doing that, wow who runs that shop lol
*Faux transparency / censorship warning for RFD*
Sr. Member
Mar 23, 2016
821 posts
222 upvotes
dealguy2 wrote:
Nov 9th, 2017 11:22 am
Which is why it's a good idea to not use them. I just use random gibberish for mine. It means to reset a password I need to phone in or visit a branch but I don't care. For example what is your favourite color? fasduhfn23ty74qhweufjksdahfjasdhjk hsdaf dsfsdafhjasdkh fdsja . Have fun hakzorzs
lol
*Faux transparency / censorship warning for RFD*
Deal Fanatic
Oct 1, 2004
5192 posts
371 upvotes
Toronto
edkate wrote:
Nov 8th, 2017 11:14 pm
BMO
My password was never written. Not easily guessable...im lost tooooooo
Someone once complained to me BMO is probably the only bank that doesn’t accept special characters or numbers in their passwords... if that is true unbelievable.
Deal Addict
User avatar
Aug 24, 2016
4426 posts
3287 upvotes
We’re all a little s…
cgtlky wrote:
Nov 9th, 2017 6:42 am
I also notice the change, however if (correct me if I am wrong) you used the same pc or mobile device on a different IP address that question will still pop-up.
Absolutely correct!
If using a device to login that was never used before, it prompts for an answer to a secret question.
Member
Mar 14, 2010
250 posts
99 upvotes
Toronto
If you can, use only your home computer -- attached to your modem by an ethernet cable, not by wifi -- for banking. The article below describes a recent method of kracking of wifi (discovered in July but now made public) which strips your privacy and allows access to the contents of your deviceto manipulate and steal data from your device -- passwords, email info, etc.). https://www.forbes.com/sites/thomasbrew ... ca6e972ba9

Android devices , especially with marshmallow or nougat installed are the most vulnerable and a fix is weeks away. Older Iphones are also vulnerable. Windows has already sent out a fix.
Sr. Member
Mar 23, 2016
821 posts
222 upvotes
coolintheshade wrote:
Nov 9th, 2017 3:26 pm
Absolutely correct!
If using a device to login that was never used before, it prompts for an answer to a secret question.
Most banks will actually ASK - do you want to not use security questions on this computer/IP.

BMO is clearly stuck in the 1920s
*Faux transparency / censorship warning for RFD*
Sr. Member
Mar 23, 2016
821 posts
222 upvotes
pickles02 wrote:
Nov 9th, 2017 4:52 pm
If you can, use only your home computer -- attached to your modem by an ethernet cable, not by wifi -- for banking. The article below describes a recent method of kracking of wifi (discovered in July but now made public) which strips your privacy and allows access to the contents of your deviceto manipulate and steal data from your device -- passwords, email info, etc.). https://www.forbes.com/sites/thomasbrew ... ca6e972ba9

Android devices , especially with marshmallow or nougat installed are the most vulnerable and a fix is weeks away. Older Iphones are also vulnerable. Windows has already sent out a fix.
Weird times. Thanks for the heads up
*Faux transparency / censorship warning for RFD*
[OP]
Deal Addict
User avatar
Feb 16, 2004
1487 posts
48 upvotes
York Region
Dave98 wrote:
Nov 9th, 2017 9:21 am
Agreed. Security questions are one of the worst things they have come up with. I'm sure it has actually made things even less secure.
All was changed right away! Even bank accounts are new.
Deal Addict
Mar 10, 2010
1040 posts
157 upvotes
Not saying that Kaspersky is good or bad but the actual truth about those files was a bit more nuanced see here. The function that "took" the files was the same function that you find in McAfee, Norton, etc. where suspicious files are sent back for further analysis. And since the files in question were actually exploit files it's no wonder they triggered Kaspersky...
springdays wrote:
Nov 9th, 2017 2:07 pm
Thanks for the notification - **** that's bad!

Top