Phishing for Banking Information

Dec. 27, 2024, 3:51 p.m.

Description

A recent phishing campaign targeting Bank of Montreal (BMO) customers has been identified. The scam involves text messages purporting to be from BMO, asking recipients to verify their credit card information. Key indicators of the fraudulent nature include the use of a non-official SMS number, incorrect display of card numbers, and a malicious website with spelling errors. The domain 'bmo-securltyverlfy1.com' was registered on December 11, 2024, and is associated with an IP address linked to 81 other domains targeting various Canadian institutions. The campaign exploits the holiday season to deceive users into revealing sensitive banking information.

External References

https://isc.sans.edu/diary/rss/31548
https://otx.alienvault.com/pulse/676ec86a15c6c8a64422f85f
Tags
banking
smishing
2024-12-27
bmo

Date

  • Created: Dec. 27, 2024, 3:31 p.m.
  • Published: Dec. 27, 2024, 3:31 p.m.
  • Modified: Dec. 27, 2024, 3:51 p.m.

Indicators

  • c76cbf6e22734f177e024e1fee02ed17a53413e0dfee02c6a6601be28280b167
  • bmo-securltyverlfy1.com
Download all indicators here!

Attack Patterns

  • T1583.001
  • T1589.002
  • T1566.002
  • T1566

Additional Informations

  • Finance
  • Canada