We strive to provide our customers with the most up-to-date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed. Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.
Glossary of Terms
Several new words and phrases have come up lately in discussions of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be. Let us help explain a few of the terms we've been learning about here at Home State Bank.
Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing are examples.
Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.
Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.
Smishing is a form of phishing that uses mobile phones as the attack platform. This form of attack has become increasingly popular because people are more likely to trust a message that comes in through a messaging app on their phone than a message delivered via email.
Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.
Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.
Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
Travel Cyber-Safe This Summer
Summer is a popular time to travel whether it be for a relaxing overnight or a week away exploring a new destination. You are likely taking along that smartphone or other device to assist with directions, locating or identifying points of interest, and capturing that special photo. Practicing good cyber hygiene before, during, and after your trip will help secure your devices and allow you to connect with confidence when you're away from home.
Quick note if you are traveling with business equipment: It's best that you leave your work devices behind; however, if you can't leave home without them, ensure that you are following your organization's policies and procedures for protecting the devices and the information they contain while traveling.
Before You Travel
- Update your devices. Updating devices will fix security flaws and help keep you protected. Whether it’s your computer, smartphone, or gaming device, be sure to update your operating system, applications, antivirus and malware software, and the like. If you haven’t already turned on automatic updates, now is a good time to consider doing so.
- Back up your devices. Back up information such as contacts, financial data, photos, videos, and other data in case a device is compromised during travel and you have to reset it to factory settings.
During Your Travel
- Guard your devices. Your devices are valuable, but your sensitive information is as well. Always keep your devices close at hand and secure in taxis, security checkpoints, airplanes, rental homes, and hotel rooms.
- Securely recharge. Never plug your phone into a USB public charging station, such as those in the airport or in hotel room lamp or clock radio inputs, as these cannot be trusted. Malicious individuals can hijack your session or install malware on your device through those seemingly-harmless means. Always connect using your own power adapter connected to a power outlet.
- Delete data from your rental car. If you connect your phone to a rental car for navigation or other purpose, be sure to securely remove the device so that other individuals do not have access to your address book, device name, text messages (hands free calling), or other sensitive information.
- Avoid public Wi-Fi. While public networks are convenient, they are a security risk. Avoid connecting to public Wi-Fi unless absolutely necessary. Instead, consider using your phone carrier’s internet connection or use your phone as a personal hotspot if your plan allows. If you do need to connect to public Wi-Fi, verify with the establishment the name of the network and use a virtual private network (VPN), software that will encrypt your internet traffic and prevent others from stealing your data. Verifying the network name is important because malicious individuals often create similar connection points with a slight misspelling, hoping you will instead connect to their network.
- Turn off auto connect. While auto connect is enabled, devices will seek out and connect to available networks or Bluetooth devices. This could allow cyber criminals to access your device without you knowing it. Disable auto connect, Bluetooth connectivity and near field communication (NFC), like AirDrop, so that you can select the network and you can control the connection.
- Limit what you share. Limit the information you share on social media while on vacation and consider posting updates about your trip after you return. Revealing too much information while away can put you and others at risk. Criminals can gain useful information from such posts, like knowing you are away from your home. Scammers may even attempt to contact your family and friends with a variety of scam tactics. Additionally, consider setting your social media accounts to only allow friends to view your posts.
- Avoid the use of public computers. Public computers such as hotel business centers and internet cafes are often poorly managed and provide minimal security protection for users. If you must use a public computer, do not enter any username or password on the computer and do not connect or transfer data via thumb drive/USB.
When You Return Home
- Shred your boarding pass and luggage tag. Scannable codes on boarding passes and luggage tags include full name, date of birth, and passenger name record. These can also contain sensitive data from your airline record, like passport number, phone number, email address, and other information that you wouldn’t want to share publicly. For this same reason, never post boarding passes on social media.
- Scan for viruses and malware. It’s best to update your security software when you return home and scan for viruses and malware to be sure your device has not been compromised while you were away.
--Information from FS-ISAC Monthly Cybersecurity Tips June Newsletter
Mobile Payment Apps: How to Avoid a Scam
You may have heard of mobile payment apps like Venmo, Cash App, or PayPal that let you send and receive money through your smartphone (or online). If you haven't used one before, here's how they work.
- First, you download the mobile payment app, and create an account. You’ll have to choose a payment method or source of funds, like a bank account, a debit card, or a credit card.
- Once you set up the account, you can send and receive money. When someone sends you money, the money doesn't go directly to your bank account. It gets added to your balance in the app. You can leave the money there to use later or transfer it to your bank account.
How to Avoid Sending Money to Scammers
Some scammers may try to trick you into sending them money through a mobile payment app. That’s because they know once you do, it’s hard for you to get your money back. Scammers might also pretend to be a loved one who’s in trouble and ask you for money to deal with an emergency. Others might say you won a prize or a sweepstakes but need to pay some fees to collect it.
Keep this advice in mind if you send money through a mobile payment app:
- Don’t send a payment to claim a prize or collect sweepstakes winnings.
- Don’t give your account credentials to anyone that contacts you.
- Protect your account with multi-factor authentication or a PIN.
- Before you submit any payment, double-check the recipient’s information to make sure you’re sending money to the right person.
- If you get an unexpected request for money from someone you do recognize, speak with them to make sure the request really is from them — and not a hacker who got access to their account.
What to Do if You Sent Money to a Scammer
If you find unauthorized payments or think you paid a scammer, here’s how to report it to the mobile payment app.
- Cash App. Cash App recommends chatting through their app for the fastest service. To do so, open the app, go to your profile, and choose Support. You can also get help through cash.app/help or by calling 1 (800) 969-1940.
- Venmo. Venmo recommends chatting through their app for the fastest service. To do so, open the app, go to your profile, and choose Get Help. You can also email Venmo through their contact form or call them at 1 (855) 812-4430.
- PayPal. Report it online through PayPal’s Resolution Center or call PayPal at 1 (888) 221-1161.
--Information from Federal Trade Commission's Consumer Advice website
Netflix is Latest Impersonated Brand in Ongoing Subscriber Targeting Scams
With the increased interest in and availability of movie and TV streaming services, plenty of new scams are popping up attempting to steal personal details and credit card information.
This past year, we’ve seen, for the first time, brand-new movies being sent to both theaters AND direct to paid streaming services. It’s one of the reasons there is so much uptick in streaming service use. But, according to security researchers at Kaspersky, more streaming service-related scams are popping up, with Netflix in particular. We’ve seen Netflix top the charts of impersonated brands in 2020, and given the rise in interest in streaming services in 2021, it makes sense that the Netflix brand is being misused for nefarious purposes. According to the article, scammers are using one of two themes to attract the attention of would-be victims:
- An opportunity to subscribe – using little more than a great deal as an incentive, scammers create realistic-looking landing pages used to capture victims’ personal and payment details.
- A payment issue with an existing account – Netflix users can be easily tricked with a “there was a problem with your payment method”-type of email, with the scam ending in the victim offering up their credit card details.
These attacks can just as easily use social engineering tactics that get victims to download and open PDF documents, Office documents, or malicious email attachments, making the use of the impersonated brand a particularly dangerous aspect of a phishing scam. With the brand known to the victim, defenses are down when interacting with the email received.
--Information from KnowBe4 Security Awareness Training Blog
Tips to Help Safeguard Your Passwords:
If you’re like most people and recycle the same password, or use a close derivative of it, across multiple accounts, then you’re making things even easier for attackers and put yourself at additional risk of identity theft and fraud. The most common password of 2020 was ‘123456’, followed by ‘123456789’. Coming in at number four was the one and only ‘password’.
ESET’s Phil Muncaster offers the following advice to help safeguard your passwords:
- “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
- “Avoid reusing your login credentials across multiple accounts and making other common password mistakes
- “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
- “Change your password immediately if a provider tells you your data may have been breached
- “Only use HTTPS sites for logging in
- “Don’t click on links or open attachments in unsolicited emails
- “Only download apps from official app stores
- “Invest in security software from a reputable provider for all your devices
- “Ensure all operating systems and applications are on the latest version
- “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”
--Information from KnowBe4 CyberHeist Newsletter & Blog
Tips for Online Shopping
With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.
- Software Updates
Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software are installed and up to date.
- Password Protection
Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.
- Avoid Public Wi-Fi
Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.
- Know Your Vendor
Stick to doing business with established companies you know. Legitimate vendors use Secure Sockets Layer (SSL) to protect your information.
Tips to Avoid Becoming a Victim of Identity Theft
- Keep passwords secure and always shred documents that contain any sensitive information.
- Do not carry your social security card with you.
- Sign the back of your debit and/or credit cards.
- Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
- Never give any of your personal information to anyone you don't know or trust.
- Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
- Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
- Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
- Review your credit report annually to see if anything seems unusual, for example, an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.
My Identity Has Been Stolen. Now What Do I Do?!
If you have been the victim of identity theft, here are some steps to help you get your life back on track:
- Place a fraud alert on your credit report.
  - When you place an alert on your credit, this will prevent any other account from being opened.
  - You can request a report to see if any charges seem suspicious.
- Close the accounts you think could be affected.
  - Contact someone in the fraud or security department of your financial institution.
  - Follow up in writing with copies of any supporting documents.
  - If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
- File a complaint with the Federal Trade Commission (FTC).
  - When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
- File a report with the local police department.
  - Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.
Ways to Protect Your ID
Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways a consumer can protect their IDs from theft:
- Monitor credit annually
- Use a P.O. Box
- Opt-out of junk mail / internal marketing lists / offers of credit
- Enroll in the "DO NOT CALL" registry with FTC (Federal Trade Commission); it's FREE!