Federal Deposit Insurance Corporation FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Fraud Information Center

Each year more and more Americans are victims of fraud. Home State Bank is dedicated to assisting its customers in protecting their private information.

Stay Informed

We strive to provide our customers with the most up to date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed.  Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.  

 Glossary of Terms

There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be.  Let us help explain a few of terms we've been learning about here at Home State Bank.

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.
Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.
Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.
Smishing is a form of phishing that uses mobile phones as the attack platform.   This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.

Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
Juice Jacking refers to the threat of malicious access gained to your phone or other USB devices when plugged into a public charging kiosk - such as at an airport or sporting event.
Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Scareware is malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.
Doxing is the action or process of searching for and publishing private or identifying information about a particular individual on the internet, typically with malicious intent.

 Fraud Alerts

Updated July 16, 2024

Amazon-Related Scams Spike Ahead of Prime Day

Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. The criminals are likely gearing up to target users during Amazon Prime Day next week.

“While Prime Day offers incredible savings, it is crucial for shoppers to remain vigilant, exercise caution while clicking on links or providing sensitive information, and ensure they are navigating legitimate platforms,” the researchers write.

Many of the phishing sites impersonate Amazon’s login page in order to steal users’ credentials. The crooks are also targeting Amazon carrier accounts with a phishing site called “amazon-onboarding[.]com.”

Check Point recommends that users adhere to the following best practices to thwart these attacks:

  • Check URLs Carefully:  Be wary of misspellings or sites using a different top-level domain (e.g., .co instead of .com). These copycat sites may look attractive but are designed to steal your data.
  • Create Strong Passwords:  Ensure your Amazon.com password is strong and uncrackable before Prime Day to protect your account.
  • Look for HTTPS: Verify that the website URL starts with “https://” and has a padlock icon, indicating a secure connection.
  • Limit Personal Information: Avoid sharing unnecessary personal details like your birthday or social security number with online retailers.
  • Be Cautious with Emails: Phishing attacks often use urgent language to trick you into clicking links or downloading attachments. Always verify the source.
  • Skeptical of Unrealistic Deals: If a deal seems too good to be true, it likely is. Trust your instincts and avoid suspicious offers.
  • Use Credit Cards: Prefer credit cards over debit cards for online shopping as they offer better protection and less liability if stolen.

--Information provided by KnowBe4 Security Awareness Training Blog

Vacation Mode: Tips for everyone

Whether you're headed to the beach or mountains, traveling by car or plane, staying local, or going abroad for an extended holiday or a weekend getaway – summer brings a variety of travel plans for you, your coworkers, and your customers. Here are some tips to keep in mind during your travels, which you can also share with your customers to help them prepare for theirs.

Tap-to-pay is a newer technology that your organization may deploy on your cards. In addition to physical cards, mobile devices have evolved to allow customers to utilize tap-to-pay on their various devices. Though convenient for payments, it is also convenient for scammers to pickpocket digitally. Here are some tips to check before embarking on your travels and to keep in mind when you return:

Tap-To-Pay Risks

  • Ensure your wallet, purse, or bag has RFID protection. This will limit the ability for someone to tap your possessions to process a tap-to-pay transaction quickly.
  • Ensure your devices require a passcode or biometric authentication (FaceID/Fingerprint) before processing a tap-to-pay transaction. Many mobile devices require this.
  • Disable the feature if you do not use tap-to-pay on your devices. Even if you do not have a card loaded on the device, many devices have tap-to-pay features for other transactions.

Devices Security

Mobile devices, from phones to tablets, are daily companions for us and our families, especially while traveling. These devices now contain more personal and financial information than ever before. Here are three important considerations when using your devices while traveling:

  • Free Wi-Fi Isn't Always Free: Many free connections are unmanaged and unsecured. While the provider of the connection may not be malicious, other users on the network might be. Whenever possible, use your data or personal hotspot.
  • Juice Jacking/Free Charging: Public charging stations in airports and other common waiting areas can be used by bad actors to transmit malware or access your device data. Bring your own power bank and consider carrying "charging only" cables when possible.
  • Stay Up to Date: Bad actors often exploit the latest vulnerabilities in devices. Before traveling, take a few minutes to check for and install any available updates on your devices

--Information from Information Security Brief from BankOnIT

Spot Scammers looking to profit from Midwest Tornadoes

Just as people in Nebraska, Iowa, Oklahoma, and other Midwestern states are reeling from the catastrophic damage caused by tornados and other severe weather, scammers are rolling in. They use all kinds of stories to try to trick not just those doing their best to recover, but also anyone who tries to help. The best way to steer clear of these disaster-chasing scammers? Know what their tactics have in common.

A great place to help yourself and others spot and avoid scams after a disaster is ftc.gov/WeatherEmergencies. If you’re pressed for time as you focus on recovery, remember this:

  • FEMA and the Small Business Administration don’t charge application fees. Only scammers say they’re a government official and demand money to help you qualify for FEMA funds or government grant. The best place to get information is fema.gov or sba.gov if you are a business owner.
  • Scammers offer help but demand you pay for clean-up or repairs upfront. Never pay in full upfront. And don’t hire anyone who refuses to give you copies of their license and insurance, and a contract in writing.

If you’re not directly affected but want to donate to help people in need, take time to research places to donate. That way, you make sure your money goes to the people in need, not charity scammers.

--Information from Federal Trade Commission Consumer Advice

 Tips to Help Safeguard Your Passwords:

If you’re like most people and recycle the same password, or use a close derivative of it, across multiple accounts, then you’re making things even easier for attackers and put yourself at additional risk of identity theft and fraud. The most common password of 2020 was ‘123456’, followed by ‘123456789’. Coming in at number four was the one and only ‘password’.

ESET’s Phil Muncaster's offers the following advice to help safeguard your passwords:

  • “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
  • “Avoid reusing your login credentials across multiple accounts and making other common password mistakes
  • “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
  • “Change your password immediately if a provider tells you your data may have been breached
  • “Only use HTTPS sites for logging in
  • “Don’t click on links or open attachments in unsolicited emails
  • “Only download apps from official app stores
  • “Invest in security software from a reputable provider for all your devices
  • “Ensure all operating systems and applications are on the latest version
  • “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”

--Information from KnowBe4 CyberHeist Newsletter & Blog

Tips for Online Shopping

With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.

  • Software Updates
    Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software is installed and up to date.
  • Password Protection
    Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.
  • Avoid Public Wi-Fi
    Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.
  • Know Your Vendor
    Stick to doing business with established companies you know. Legitimate vendors us Secure Socket Layer (SSL) to protect your information. 

 Tips to Avoid Becoming a Victim of Identity Theft

  1. Keep passwords secure and always shred documents that contain any sensitive information.
  2. Do not carry your social security card with you.
  3. Sign the back of your debit and/or credit cards.
  4. Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
  5. Never give any of your personal information to anyone you don't know or trust.
  6. Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
  7. Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
  8. Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
  9. Review your credit report annually to see if anything seems unusual, for example, like an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.

See Additional Safety Tips

 My Identity Has Been Stolen. Now What Do I Do?!

If you have been the victim of identify theft, here are some steps to help you get your life back on track:

  1. Place a fraud alert on your credit report.
    • When you place an alert on your credit, this will prevent any other account from being opened.
    • You can request a report to see if any charges seem suspicious.
  2. Close the accounts you think could be affected.
    • Contact someone in the fraud or security department of your financial institution.
    • Follow up in writing with copies of any supporting documents.
    • If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
  3. File a complaint with the Federal Trade Commission (FTC)
    • When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
  4. File a report with the local police department
    • Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.

 Ways to Protect Your ID

Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways a consumer can protect their ID's from theft:

Questions?

If you have any questions about any of the services we offer, please call us at 877-474-5511 or 712-933-5511, Email us, or stop in to see us during normal business hours.

Back to Top

Internet Explorer 11 is outdated. For improved security and optimized performance we highly recommend upgrading your browser. ChromeFirefoxEdge