Site Notice:

Welcome to Our New Website!

Fraud Information Center

Each year more and more Americans are victims of fraud. Home State Bank is dedicated to assisting its customers in protecting their private information.

Stay Informed

We strive to provide our customers with the most up to date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed.  Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.  

 Glossary of Terms

There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be.  Let us help explain a few of terms we've been learning about here at Home State Bank.

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.
Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.
Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.
Smishing is a form of phishing that uses mobile phones as the attack platform.  This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.

Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

 Fraud Alerts

New Omicron-Themed Phishing Attack is Now Running Rampant

A mean-spirited phishing campaign is mocking victims after infecting their devices with Dridex malware, according to Lawrence Abrams at BleepingComputer.

“Over the past few weeks, one of the Dridex phishing email distributors is having fun toying with victims and researchers,” Abrams writes. “This was first seen when the threat actor began trolling security researchers by using their names combined with racist comments as malware file names and email addresses.

Earlier this week, the threat actor spammed fake employee termination letters that displayed an alert stating, ‘Merry X-Mas Dear Employees!’ after infecting their device. In a new phishing campaign discovered by MalwareHunterTeam and 604Kuzushi, this same threat actor took it to the next level by spamming emails with a subject of ‘COVID-19 testing result’ that states the recipient was exposed to a coworker who tested positive to the Omicron COVID-19 variant.”

If the victim opens the Excel document and enables macros, their device will be infected with the Dridex banking Trojan. In a poor attempt at humor, the document will then display a popup showing the COVID-19 Funeral Assistance Helpline number.

“With the COVID-19 variant being highly contagious and rapidly spreading worldwide, phishing emails about the Omicron variant are becoming popular and are likely highly effective in distributing malware,” Abrams writes. “This is especially true if the phishing campaign pretends to be from a company's human resources department and targets employees from the same company."

--Information from KnowBe4 Security Awareness Training Blog

 Netflix is Latest Impersonated Brand in Ongoing Subscriber Targeting Scams

With the increased interest in and availability of movie and TV streaming services, plenty of new scams are popping up attempting to steal personal details and credit card information.

This past year, we’ve seen for the first-time brand-new movies being sent to both theaters AND direct to paid streaming services. It’s one of the reasons there is so much uptick in streaming service use. But, according to security researchers at Kaspersky, more streaming service-related scams are popping up, with Netflix in particular. We’ve seen Netflix top the charts of impersonated brands in 2020, and giving the rise in interest in streaming services in 2021, it makes sense that the Netflix brand is being misused for nefarious purposes. According to the article, scammers are using one of two themes to attract the attention of would-be victims:

  • An opportunity to subscribe – using little more than a great deal as an incentive, scammers create realistic-looking landing pages used to capture victim’s personal and payment details, such as the one below.
  • A payment issue with an existing account – Netflix users can be easily tricked with a “there was a problem with your payment method”-type of email, with the scam ending in the victim offering up their credit card details.

These attacks can just as easily use social engineering tactics that get victims to download and open PDF documents, Office documents, or malicious email attachments, making the use of the impersonated brand a particularly dangerous aspect of a phishing scam. With the brand known to the victim, defenses are down when interacting with the email received.

--Information from KnowBe4 Security Awareness Training Blog

 Spam Calling Rates Spike Globally

Spam calls in the US spiked in October, according to Truecaller’s annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in October. The researchers note that a user in the US receives an average of 4.8 spam calls per month, totalling approximately 1.4 billion calls across the country every month.

Interestingly, the report found that, while the US was the second most-spammed country in 2020, it dropped to the twentieth place on the list in 2021. This wasn’t due to a decrease in spam in the US, however, but was instead the result of an increase in spam calls in other countries. The researchers offer the following findings about spam calls around the world:

“Over 202 million spam calls were made by just one spammer in India. That's over 664,000 people that were disturbed by spam calls every day and 27,000 people every hour - from just one phone number.

“Brazil has retained its title of the most spammed country in the world (four years in a row) with 32.9 spam calls per user per month. There is a significant gap between the average number of spam calls received in Brazil (32.9 calls per user per month) versus Peru (18.02 calls per user per month), which stands in the second position.

“The rankings look very different when comparing the average number of incoming spam calls, vs. SMS messages per user per month. Cameroon tops the list, followed by Somalia, Tanzania, Congo, Burkina Faso, Ivory Coast, Benin, and more. SMS spam is largely affecting users across the African continent.

“South Africa was typically one of the most spammed countries in the world: fifth in 2017, fourth in 2018 and sixth in 2019. It dropped sharply to seventeenth place in 2020 and has again jumped back up to ninth place this year.

“In the top 20 countries - Brazil is in a class of its own. The next 10 countries in the list are comparable in terms of number of spam calls received. And the last nine are in a group of their own, between 4.5 to 6.7 spam calls per user per month.

--Information from KnowBe4 Security Awareness Blog

 Tips to Help Safeguard Your Passwords:

If you’re like most people and recycle the same password, or use a close derivative of it, across multiple accounts, then you’re making things even easier for attackers and put yourself at additional risk of identity theft and fraud. The most common password of 2020 was ‘123456’, followed by ‘123456789’. Coming in at number four was the one and only ‘password’.

ESET’s Phil Muncaster's offers the following advice to help safeguard your passwords:

  • “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
  • “Avoid reusing your login credentials across multiple accounts and making other common password mistakes
  • “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
  • “Change your password immediately if a provider tells you your data may have been breached
  • “Only use HTTPS sites for logging in
  • “Don’t click on links or open attachments in unsolicited emails
  • “Only download apps from official app stores
  • “Invest in security software from a reputable provider for all your devices
  • “Ensure all operating systems and applications are on the latest version
  • “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”

--Information from KnowBe4 CyberHeist Newsletter & Blog

Tips for Online Shopping

With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.

  • Software Updates
    Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software is installed and up to date.
  • Password Protection
    Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.
  • Avoid Public Wi-Fi
    Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.
  • Know Your Vendor
    Stick to doing business with established companies you know. Legitimate vendors us Secure Socket Layer (SSL) to protect your information. 

 Tips to Avoid Becoming a Victim of Identity Theft

  1. Keep passwords secure and always shred documents that contain any sensitive information.
  2. Do not carry your social security card with you.
  3. Sign the back of your debit and/or credit cards.
  4. Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
  5. Never give any of your personal information to anyone you don't know or trust.
  6. Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
  7. Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
  8. Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
  9. Review your credit report annually to see if anything seems unusual, for example, like an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.
See Additional Safety Tips

 My Identity Has Been Stolen. Now What Do I Do?!

If you have been the victim of identify theft, here are some steps to help you get your life back on track:

  1. Place a fraud alert on your credit report.
    • When you place an alert on your credit, this will prevent any other account from being opened.
    • You can request a report to see if any charges seem suspicious.
  2. Close the accounts you think could be affected.
    • Contact someone in the fraud or security department of your financial institution.
    • Follow up in writing with copies of any supporting documents.
    • If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
  3. File a complaint with the Federal Trade Commission (FTC)
    • When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
  4. File a report with the local police department
    • Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.

 Ways to Protect Your ID

Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways a consumer can protect their ID's from theft:

Questions?

If you have any questions about any of the services we offer, please call us at 877-474-5511 or 712-933-5511, Email us, or stop in to see us during normal business hours.

Back to Top

Internet Explorer 11 is outdated. For improved security and optimized performance we highly recommend upgrading your browser. ChromeFirefoxEdge