We strive to provide our customers with the most up-to-date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed. Please always remember that Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.
Glossary of Terms
A few new words and phrases have been thrown around lately in connection with fraud. Without knowing what these terms mean, the topic can be more confusing than it needs to be. Let us help explain a few of the terms we've been learning about here at Home State Bank.
Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing are examples.
Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.
Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.
Smishing is a form of phishing that uses mobile phones as the attack platform. This form of attack has become increasingly popular because people are more likely to trust a message that comes in through a messaging app on their phone than a message delivered via email.
Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.
Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.
Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
Juice Jacking refers to the threat of malicious access gained to your phone or other USB devices when plugged into a public charging kiosk - such as at an airport or sporting event.
Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Scareware refers to malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.
Updated October 6, 2023
That friend request could be from a scammer
Scammers are using social media to go after your money and personal information. And it’s working: since 2021, people have reported losing $2.7 billion to scams that started on social media — way more than with any other contact method.
Scammers like social media because they can pretend to be someone they’re not. They can hack your profile, pretend to be you, and con your friends. They can target you and others using information from your profile like your age, hobbies, and what you buy. And they can do all this at little to no cost.
So what do social media scams often look like? Scammers might target you with an ad for something, but after you pay (for the thing that turns out to be fake), they take your money and run. Or they might try to sell you on a bogus investment opportunity (often involving cryptocurrency). Or they might send a friend request out of the blue and pretend to be a potential love interest. But then…they ask for money.
To avoid these and other scams on social media:
- Use your privacy settings to limit who can see your information and what you post.
- Don’t reply to messages that ask for money or personal information. Even if the message looks like it’s from a friend or family member, their account may have been hacked. Call them to check.
- Before you buy something, check out the company. Search online for its name along with words like “scam” or “complaint.”
--Information provided by Federal Trade Commission Consumer Advice website
No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack
With $52 million in lost revenues and counting, MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, Excalibur, Luxor, and the MGM Grand itself, had the house brought down in a cyber attack by a perfect example of vishing…a 10-minute phone call.
Gamblers could not gamble. Guests could not access rooms. Lights went out. Panic set in. The attack led to hours of delays in guest check-ins and affected electronic payments, key cards, thousands of slot machines, ATMs, parking, and other systems.
What happened? Social engineering happened.
A member of the criminal group used the identity of an MGM employee found easily on LinkedIn, called the MGM help desk and asked for a password change. The IT person working on the help desk happily complied, and the hacker went into business, leaving no chips on the table.
The financial implications for MGM will be significant. Its Las Vegas Strip properties generate over $13 million per day in revenue from hotel rooms and casinos alone. The rating agency Moody's warned the breach could negatively impact MGM's credit rating.
While MGM has not yet publicly acknowledged receiving a ransom demand, they are collaborating with the FBI and cybersecurity experts to investigate the breach and restore affected systems. Paying ransoms to cyber attackers does not guarantee recovery of encrypted data. The FBI advises against making such payments to extortionists for fear of encouraging further attacks.
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta stated
Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said.
David Bradbury, chief security officer of the identity management company Okta, said five of the company's clients, including MGM and Caesars, had fallen victim to hacking groups known as ALPHV and Scattered Spider since August.
The most effective approach to safeguarding organizations against ransomware attacks? A long list of best practices that entails implementing security measures like phishing-resistant MFA and data encryption.
--Information from KnowBe4 Security Awareness Training Blog
Hello, it's ME?
AI can be, and is being, used to increase the efficiency of security measures; however, it is also being used to create harmful, targeted, and more sophisticated cyber threats. AI threats are not just behind screens; they are in your ear. Malicious actors are using not only spam emails and other digital attacks but also spoofed customer voices to gather personal information and approve the transfer of funds.
Joanna Stern of The Wall Street Journal proved this theory by cloning herself with AI, which successfully fooled her bank and her family. Attackers will often pair these attempts with a sense of urgency in hopes that they can catch the employee off-guard. It is no longer enough to hear someone quickly confirm on the phone.
Below are steps you can take to protect yourself and your customers from these attacks.
- Listen - If spam is suspected, avoid speaking first and let the caller speak. Whoever is calling you could be recording snippets of your voice and later using it to impersonate you. A simple "Hello, who is this?" may be too much.
- Quality of Questions - Ensure the questions you are asking are in-depth. Don't be afraid to have a personal conversation if you are unsure whether the person you are talking to is who they say they are. It is not impolite; it's assurance.
- Think Before You Click - Cyber attackers use AI to craft and scale unique spam emails. Always hover before you click any links to see the full URL.
- Limit Personal Data - Always be aware of what information you submit online. If you are utilizing a productivity resource, be sure to generalize all business, personal, and premise information.
--Information from Information Security Brief from BankOnIT
Tips to Help Safeguard Your Passwords:
If you’re like most people and recycle the same password, or use a close derivative of it, across multiple accounts, then you’re making things even easier for attackers and putting yourself at additional risk of identity theft and fraud. The most common password of 2020 was ‘123456’, followed by ‘123456789’. Coming in at number four was the one and only ‘password’.
ESET’s Phil Muncaster offers the following advice to help safeguard your passwords:
- “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
- “Avoid reusing your login credentials across multiple accounts and making other common password mistakes
- “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
- “Change your password immediately if a provider tells you your data may have been breached
- “Only use HTTPS sites for logging in
- “Don’t click on links or open attachments in unsolicited emails
- “Only download apps from official app stores
- “Invest in security software from a reputable provider for all your devices
- “Ensure all operating systems and applications are on the latest version
- “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”
--Information from KnowBe4 CyberHeist Newsletter & Blog
Tips for Online Shopping
With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.
- Software Updates
Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software are installed and up to date.
- Password Protection
Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.
- Avoid Public Wi-Fi
Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.
- Know Your Vendor
Stick to doing business with established companies you know. Legitimate vendors use Secure Sockets Layer (SSL) to protect your information.
Tips to Avoid Becoming a Victim of Identity Theft
- Keep passwords secure and always shred documents that contain any sensitive information.
- Do not carry your social security card with you.
- Sign the back of your debit and/or credit cards.
- Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
- Never give any of your personal information to anyone you don't know or trust.
- Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
- Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
- Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
- Review your credit report annually to see if anything seems unusual, for example, an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.
My Identity Has Been Stolen. Now What Do I Do?!
If you have been the victim of identity theft, here are some steps to help you get your life back on track:
- Place a fraud alert on your credit report.
  - When you place an alert on your credit, this will prevent any other account from being opened.
  - You can request a report to see if any charges seem suspicious.
- Close the accounts you think could be affected.
  - Contact someone in the fraud or security department of your financial institution.
  - Follow up in writing with copies of any supporting documents.
  - If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
- File a complaint with the Federal Trade Commission (FTC).
  - When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
- File a report with the local police department.
  - Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.
Ways to Protect Your ID
Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways consumers can protect their IDs from theft:
- Monitor credit annually
- Use a P.O. Box
- Opt-out of junk mail / internal marketing lists / offers of credit
- Enroll in the "DO NOT CALL" registry with FTC (Federal Trade Commission); it's FREE!
If you have any questions about any of the services we offer, please call us at 877-474-5511 or 712-933-5511, Email us, or stop in to see us during normal business hours.