We strive to provide our customers with the most up to date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed. Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.
Glossary of Terms
There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be. Let us help explain a few of terms we've been learning about here at Home State Bank.
|Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.
|Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.
|Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.
|Smishing is a form of phishing that uses mobile phones as the attack platform. This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.
Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.
Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.
|Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
Updated January 11, 2023
Don’t answer another online quiz question until you read this
What do the model of your first car, your favorite hobby, and the high school you attended have in common? If you said they’re questions commonly used for online account security and online quizzes, you’re correct! Before you take a quiz to find out which Disney Princess you are, ask yourself: Do I know who’s gathering this information about me — or what they plan to do with it?
Personality tests, quick surveys, and other types of online quizzes ask seemingly harmless questions, but the more information you share, the more you risk it being misused. Scammers could do a lot of damage with just a few answers that give away your personal information. We’ve heard about scammers phishing for answers to security question data through quizzes. They use your quiz answers to try and reset your accounts, letting them steal your bank and other account information. Some scammers hack social media accounts and send malware links to friends of the hacked account holder under the guise of sharing a quiz.
One major way to protect your personal information — in addition to maintaining strong passwords and using multi-factor authentication — is to steer clear of online quizzes…or just don’t answer them truthfully. As for accounts that require actual security questions, treat them like additional passwords and use random answers, preferably long ones, for those too. Asked to enter your mother’s maiden name? Say it’s something else: Parmesan or another word you’ll remember. Or use a password manager to store a unique answer. This way, scammers won’t be able to use information they find to steal your identity.
If you suspect that an online quiz is a phishing scam, tell a friend. Then, report it to the FTC at ReportFraud.ftc.gov.
--Information provided by Federal Trade Commission Consumer Advice website
Rise of the Robotexts
When it comes to texting scams, the key is knowing how to respond - and when not to
Scammers are always trying to find a way into your life. Just when anti-spam technology started to limit the number of robocalls we get (cut down by almost half over the past year), fraudsters started sneaking into our phones through another window — our text messages.
The Federal Communications Commission (FCC) recently reported that consumer complaints about unwanted texts have nearly tripled since 2019 and some independent reports estimate the number of monthly robotexts in the billions. Some of these are just spam, but many of them are scams — known as “smishing” — and they arrive in various forms, usually trying to alarm you about undelivered packages, unpaid (or paid!) debts or bills, problems with your bank account or credit cards, and even warnings about legal actions against you. Most smishing is designed to harvest personal information, while some might be more directly after your money.
To protect yourself, be on the lookout for texts that come from strange numbers, especially those with 10 digits or longer. Be wary of misspellings that might make it past blockers or filters, and messages with incomplete information. And steer clear of any text with web links you didn’t ask for or aren’t expecting.
If you believe you’ve received a suspicious text, here are some FCC-recommended steps you can take:
- Independently verify any number and its connection with the company in question and call them back only using an official phone number
- Do not respond — even if the message offers you the ability to opt-out by texting “STOP”
- Do not click on any links embedded in the text
- Do not provide any information via text
- Review your phone’s built-in text-blocking settings
- Update any phone, tablet, or smartwatch with the latest operating system and security applications
- File a complaint with the FCC and forward any unwanted texts to SPAM (7726)
- Delete all suspicious texts
Scammers are always going to look for a way to sneak into your life, whether it’s through the mail, via computer, or on your phones and tablets. All you can do is stay informed, remain vigilant, and know how and when to respond — or when not to.
--Information provided by BankOnIT Information Security Brief
Gift Card Scams
Someone might ask you to pay for something by putting money on a gift card, like Walmart, Target, Google Play or iTunes card, and then giving them the numbers on the back of the card. If they ask you to do this, they’re trying to scam you. No real business or government agency will ever insist you pay them with a gift card. Anyone who demands to be paid with a gift card is a scammer.
What Gift Card Scams Looks Like
Gift cards are for gifts, not for payments. But they’re popular with scammers because they’re easy for people to find and buy, and they have fewer protections for buyers compared to some other payment options. They’re more like cash: once you use the card, the money on it is gone. Scammers like this.
If someone calls you and demands that you pay them with gift cards, you can bet that a scammer is behind that call. Once they have the gift card number and the PIN, they have your money. Scammers may tell you many stories to get you to pay them with gift cards, but this is what usually happens:
- The caller says it’s urgent. The scammer says you have to pay right away or something terrible will happen. But you don’t, and it won’t.
- The caller usually tells you which gift card to buy. They might say to put money on an Walmart, Target, or Apple gift card. They might send you to a specific store — often Walmart, Target, CVS, or Walgreens. Sometimes they say to buy cards at several stores, so cashiers won’t get suspicious. And, the caller might stay on the phone with you while you go to the store and load money onto the card. These are all signs of a scam.
- The caller asks you for the gift card number and PIN. The card number and PIN on the back of the card let the scammer get the money you loaded onto the card. And the scammer gets it right away.
How Scammers Convince You to Pay with Gift Cards
Scammers pretend to be someone they’re not to convince you to pay with gift cards. They want to scare or pressure you into acting quickly, so you don’t have time to think or talk to someone you trust. Here’s a list of common gift card scams and schemes:
- The caller says they’re from the government — maybe the IRS or the Social Security Administration. They say you have to pay taxes or a fine, but it’s a scam.
- Someone calls from tech support, maybe saying they’re from Apple or Microsoft, saying there’s something wrong with your computer. But it’s a lie.
- You meet someone special on a dating website, but then he needs money and asks you to help him. This romance scammer makes up any story to trick you into sending him gift cards.
- The scammer pretends to be a friend or family member in an emergency and asks you to send money right away — but not tell anyone. This is a scam. If you’re worried, hang up and call your friend or relative to check that everything is all right.
- Someone says you’ve won a prize but first, you have to pay fees or other charges with a gift card. Remember: no honest business or agency will ever make you pay with a gift card. But also — did you even enter that sweepstakes?
- The caller says she’s from your power company, or another utility company. She threatens to cut off your service if you don’t pay immediately. But utility companies don’t work that way. It’s a scam.
- You get a check from someone for way more than you expected. They tell you to deposit the check, then give them the difference on a gift card. But that check will be fake and you’ll be out all that money.
If someone asks you to pay them with gift cards:
- Report it to the Federal Trade Commission at ReportFraud.ftc.gov. Report it even if you didn’t pay. Your report helps law enforcement stop scams.
- You can also report it to your State Attorney General.
- If you lost money, also report it to local law enforcement. A police report may help when you deal with the card issuer.
--Information provided by Federal Trade Commission Consumer Advice website
Mobile Payment Apps: How to Avoid a Scam
You may have heard of mobile payment apps like Venmo, Cash App, or PayPal that let you send and receive money through your smartphone (or online). If you haven't used one before, here's how they work.
- First, you download the mobile payment app, and create an account. You’ll have to choose a payment method or source of funds, like a bank account, a debit card, or a credit card.
- Once you set up the account, you can send and receive money. When someone sends you money, the money doesn't go directly to your bank account. It gets added to your balance in the app. You can leave the money there to use later or transfer it to your bank account.
How to Avoid Sending Money to Scammers
Some scammers may try to trick you into sending them money through a mobile payment app. That’s because they know once you do, it’s hard for you to get your money back. Scammers might also pretend to be a loved one who’s in trouble and ask you for money to deal with an emergency. Others might say you won a prize or a sweepstakes but need to pay some fees to collect it.
Keep this advice in mind if you send money through a mobile payment app:
- Don’t send a payment to claim a prize or collect sweepstakes winnings.
- Don’t give your account credentials to anyone that contacts you.
- Protect your account with multi-factor authentication or a PIN.
- Before you submit any payment, double-check the recipient’s information to make sure you’re sending money to the right person.
- If you get an unexpected request for money from someone you do recognize, speak with them to make sure the request really is from them — and not a hacker who got access to their account.
What to Do if You Sent Money to a Scammer
If you find unauthorized payments or think you paid a scammer, here’s how to report it to the mobile payment app.
- Cash App.
Cash App recommends chatting through their app for the fastest service. To do so, open the app, go to your profile, and choose Support. You can also get help through cash.app/help or by calling 1 (800) 969-1940.
Venmo recommends chatting through their app for the fastest service. To do so, open the app, go to your profile, and choose Get Help. You can also email Venmo through their contact form or call them at 1 (855) 812-4430.
Report it online through PayPal’s Resolution Center or call PayPal at 1 (888) 221-1161.
--Information from Federal Trade Commison's Consumer Advice website
Tips to Help Safeguard Your Passwords:
If you’re like most people and recycle the same password, or use a close derivative of it, across multiple accounts, then you’re making things even easier for attackers and put yourself at additional risk of identity theft and fraud. The most common password of 2020 was ‘123456’, followed by ‘123456789’. Coming in at number four was the one and only ‘password’.
ESET’s Phil Muncaster's offers the following advice to help safeguard your passwords:
- “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
- “Avoid reusing your login credentials across multiple accounts and making other common password mistakes
- “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
- “Change your password immediately if a provider tells you your data may have been breached
- “Only use HTTPS sites for logging in
- “Don’t click on links or open attachments in unsolicited emails
- “Only download apps from official app stores
- “Invest in security software from a reputable provider for all your devices
- “Ensure all operating systems and applications are on the latest version
- “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”
--Information from KnowBe4 CyberHeist Newsletter & Blog
Tips for Online Shopping
With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.
- Software Updates
Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software is installed and up to date.
- Password Protection
Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.
- Avoid Public Wi-Fi
Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.
- Know Your Vendor
Stick to doing business with established companies you know. Legitimate vendors us Secure Socket Layer (SSL) to protect your information.
Tips to Avoid Becoming a Victim of Identity Theft
See Additional Safety Tips
- Keep passwords secure and always shred documents that contain any sensitive information.
- Do not carry your social security card with you.
- Sign the back of your debit and/or credit cards.
- Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
- Never give any of your personal information to anyone you don't know or trust.
- Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
- Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
- Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
- Review your credit report annually to see if anything seems unusual, for example, like an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.
My Identity Has Been Stolen. Now What Do I Do?!
If you have been the victim of identify theft, here are some steps to help you get your life back on track:
- Place a fraud alert on your credit report.
- When you place an alert on your credit, this will prevent any other account from being opened.
- You can request a report to see if any charges seem suspicious.
- Close the accounts you think could be affected.
- Contact someone in the fraud or security department of your financial institution.
- Follow up in writing with copies of any supporting documents.
- If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
- File a complaint with the Federal Trade Commission (FTC)
- When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
- File a report with the local police department
- Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.
Ways to Protect Your ID
Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways a consumer can protect their ID's from theft:
- Monitor credit annually
- Use a P.O. Box
- Opt-out of junk mail / internal marketing lists / offers of credit
- Enroll in the "DO NOT CALL" registry with FTC (Federal Trade Commission); it's FREE!