Skip to content
BOK Financial

COVID-19: Protect Yourself from Fraud

Times of crisis are prime opportunities for cybercriminals trying to steal your personal information using phishing attacks and disinformation campaigns. To gain access to your accounts and sensitive information, fraudsters use a combination of email, texts, calls, or even fake websites to trick victims.

To stay safe, you should avoid unsolicited emails and validate all requests for your personal information and login credentials. As a reminder, we will never ask for your full account number, login credentials, or security questions over the phone.

How You Can Protect Your Information


Do not use personal information such as your social security number or birthday as part of your username.

Make sure you use strong, unique passwords for each financial institution you do business with and change them regularly. Consider using a password manager to create, manage, and store passwords that are unique and secure.

Never reuse passwords for multiple online accounts. Cybercriminals will try to use passwords they obtain to access other online accounts.

We may prompt you to answer one of your security questions when you log in from a new computer for the first time or change your password. Don’t share security questions with anyone. Make your answers easy enough for you to remember, but hard for anyone else to guess.

We will never ask you for your password. If you receive an email asking for your login credentials, do not respond; it’s not from an authorized BOK Financial representative. We recommend that you don’t share your password with anyone, including family members.

You should immediately change your password if you:

  • Use the same password for multiple online accounts
  • Believe your password has been stolen
  • Shared your password with someone
  • Provided your password in a phishing email

Protecting You Online with Multi-Layered Technology


To help prevent unauthorized access, we require you to create a unique username and password when you first access your account. The strongest passwords are long and employ a mix of numbers, upper and lowercase letters, and special characters.

We may prompt you to answer one of your security questions when you log in from a new computer for the first time or change your password. This will block those trying to gain unauthorized access to your accounts.

Our websites use website validation to verify that you are accessing our authentic site and not a “spoofed” site. Look for the padlock icon in the address bar to confirm that you’re on our official and secure website.

To help reduce the chance of unauthorized access of your account, we’ll automatically log you off after a period of inactivity.

We provide email alerts when sensitive transactions occur in accounts, such as when a withdrawal is requested, or your personal information is changed or updated.

We use predictive intelligence to understand threats that target our organization. We use this information to predict, prevent, and respond to incidents to help protect our clients.

Firewalls protect BOK Financial's networks, applications, and computer systems from hackers and cyber-attacks trying to gain access to our data centers. We use some of the strongest firewalls available in the industry to guard the information housed in our data centers.

You can send us secure, encrypted messages once you’re logged in to our site. We will never ask for sensitive information such as your social security number, birthday, or login credentials via email.

Other Safeguards


We always verify your identity before granting access to your accounts whether you visit us online or by phone.

We’re on the lookout for suspicious irregularities across our network and infrastructure every day, all day. We will promptly alert you if we spot a problem that affects you.

We monitor transactions for suspicious and unusual behavior to ensure that they are authentic and legitimate. If we detect abnormal activity in one of your accounts, we will notify you immediately.

We use red team/blue team exercises within our penetration testing to continually test our defenses. These exercises were originally used by the military to test force readiness and are more thorough than traditional penetration tests as they emulate the behaviors and techniques of likely attackers.

To protect our brand and our clients’ data, we’re always on the lookout for cybercriminals pretending to be us and continually monitor for fraudulent websites, malicious emails, and rogue mobile apps on the deep and dark web.

Our security measures extend far beyond our website. We diligently monitor all work areas in order to prevent theft or scrutiny of documents containing sensitive information. In addition, authorized personnel can only enter work areas through use of a security badge.

We limit access to systems containing customer data to only those employees who need it to conduct business. We continually monitor access and only grant it on a case-by-case basis.

All employees who handle sensitive information are trained in privacy and security. Those employees are held to high standards in adhering to established protocol in order to ensure that client data is kept private.

For more information, visit our Online Security page.