A recent phishing campaign targeting Bank of Montreal (BMO) customers has been identified. The scam involves text messages purporting to be from BMO, asking recipients to verify their credit card information. Key indicators of the fraudulent nature include the use of a non-official SMS number, incorrect display of card numbers, and a malicious website with spelling errors. The domain 'bmo-securltyverlfy1.com' was registered on December 11, 2024, and is associated with an IP address linked to 81 other domains targeting various Canadian institutions. The campaign exploits the holiday season to deceive users into revealing sensitive banking information.