Fraud Information Center

Each year more and more Americans are victims of fraud. Home State Bank is dedicated to assisting its customers in protecting their private information.

Stay Informed

We strive to provide our customers with the most up to date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed.  Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.  

 Glossary of Terms

There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be.  Let us help explain a few of terms we've been learning about here at Home State Bank.

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.
Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.
Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.
Smishing is a form of phishing that uses mobile phones as the attack platform.  This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.

Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

 Fraud Alerts

Updated August 8, 2022

Travel Cyber-Safe This Summer

Summer is a popular time to travel whether it be for a relaxing overnight or a week away exploring a new destination. You are likely taking along that smartphone or other device to assist with directions, locating or identifying points of interest, and capturing that special photo. Practicing good cyber hygiene before, during, and after your trip will help secure your devices and allow you to connect with confidence when you're away from home.

Quick note if you are traveling with business equipment: It's best that you leave your work devices behind, however, if you can't leave home without them, ensure that you are following your organizations policies and procedures for protecting the devices and the information they contain while traveling.

   Before You Travel
  • Update your devices. Updating devices will fix security flaws and help keep you protected. Whether it’s your computer, smartphone, or gaming device, be sure to update your operating system, applications, antivirus and malware software, and the like. If you haven’t already turned-on automatic updates, now is a good time to consider doing so.
  • Back up your devices. Back up information such as contacts, financial data, photos, videos, and other data in case a device is compromised during travel and you have to reset it to factory settings.
   During Your Travel
  • Guard your devices. Your devices are valuable, but your sensitive information is as well. Always keep your devices close at hand and secure in taxis, security checkpoints, airplanes, rentals homes, and hotel rooms.
  • Securely recharge. Never plug your phone into a USB public charging station, such as those in the airport or in hotel room lamp or clock radio inputs, as these cannot be trusted. Malicious individuals can hijack your session or install malware on your device through those seemingly-harmless means. Always connect using your own power adapter connected to a power outlet.
  • Delete data from your rental car. If you connect your phone to a rental car for navigation or other purpose, be sure to securely remove the device so that other individuals do not have access to your address book, device name, text messages (hands free calling), or other sensitive information.
  • Avoid public Wi-Fi. While public networks are convenient, they are a security risk. Avoid connecting to public Wi-Fi unless absolutely necessary. Instead, consider using your phone carrier’s internet connection or use your phone as a personal hotspot if your plan allows. If you do need to connect to public Wi-Fi, verify with the establishment the name of the network and use a virtual private network (VPN), software that will encrypt your internet traffic and prevent others from stealing your data. Verifying the network name is important as often times malicious individuals create similar connection points with a slight misspelling, hoping you will instead connect to their network.
  • Turn off auto connect. While auto connect is enabled, devices will seek out and connect to available networks or Bluetooth devices. This could allow cyber criminals to access your device without you knowing it. Disable auto connect, Bluetooth connectivity and near field communication (NFC), like airdrop, so that you can select the network and you can control the connection.
  • Limit what you share. Limit the information you share on social media while on vacation and consider posting updates about your trip after you return. Revealing too much information while away can put you and others at risk. Criminals can gain useful information from such posts, like knowing you are away from your home. Scammers may even attempt to contact your family and friends with a variety of scam tactics. Additionally, consider setting your social media accounts to only allow friends to view your posts.
  • Avoid the use of public computers. Public computers such as hotel business centers and internet cafes are often poorly managed and provide minimal security protection for users. If you must use a public computer, do not enter any username or password on the computer and do not connect or transfer data via thumb drive/USB.
   When You Return Home
  • Shred your boarding pass and luggage tag. Scannable codes on boarding passes and luggage tags include full name, date of birth, and passenger name record. These can also contain sensitive data from your airline record, like passport number, phone number, email address, and other information that you wouldn’t want to share publicly. For this same reason, never post boarding passes on social media.
  • Scan for virus and malware. It’s best to update your security software when you return home and scan for virus and malware to be sure your device has not been compromised while you were away.

--Information from FS-ISAC Monthly Cybersecurity Tips June Newsletter

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Instances of phishing attacks increased by 266 percent this year. The bloom is back on phishing attacks, with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to study on phishing released Tuesday July 26th.

According to researchers at Vade, phishing attacks abusing the Microsoft brand increased 266 percent in the first quarter of 2022, compared to the previous year. Likewise, fake Facebook messages are up 177 percent within the same timeframe in the second quarter of 2022.

The report revealed the most popular days for sending phishing emails is between Monday and Wednesday . Less than 20 percent of malicious emails are sent on the weekend.

Phishing attacks are more sophisticated than ever, wrote Adrien Gendre, chief tech and product officer at Vade in an email to Threatpost. Hackers have an arsenal of tools at their disposal to manipulate end users and evade email security, including phishing kits that can identify when a vendor is scanning them.

It is extremely important for everyone to stay vigilant in their day-to-day operations. Remember to always Think Before You Click.

--Information provided by BankOnIT USA

Don’t click on that random text. It’s a SCAM!

Sorry to burst your bubble. That unexpected text from the Postal Service (USPS), Costco, or The Home Depot telling you about an unclaimed package or a survey you can complete to claim a freebie is NOT from them. It’s a scam.

The FTC has seen a spike in reports from people getting text messages that look like they’re from well-known names like USPS, Costco, or The Home Depot and others. Spoiler alert: they’re from impersonators. The details vary, but the scammers are after the same thing: your money and your personal information. You may get a text from scammers pretending to be USPS and asking you to confirm your debit card details so you can get an undelivered package. Or you might get texts about a chance to win a free gift card or a power tool. To claim your “reward,” you’re told to click on the link, answer some questions, and pay for shipping. Don’t do it.

If you click on those links and submit your card information, you’ll ending up with nothing — but you’ll find unauthorized charges posted to your account.

No matter what the unexpected text says, the advice is the same.

  • Don’t click on links or respond to unexpected texts — including ones asking you to fill out surveys to get free items. If you think it could be legit, contact the company using a website or phone number you know is real. Don’t use the information in the text message.
  • Don’t pay to get a package redelivered. The real USPS won’t contact you out of the blue about a delivery (unless you submitted a request first and give a tracking number) — and they’ll never demand payment to redeliver a package.

Already paid or gave your information to a scammer? Check out What to Do If You Were Scammed to learn more about asking for a refund. And see what to do next if your identity has been stolen.

--Information provided by Federal Trade Commission Consumer Advice website

Gift Card Scams

Someone might ask you to pay for something by putting money on a gift card, like Walmart, Target, Google Play or iTunes card, and then giving them the numbers on the back of the card. If they ask you to do this, they’re trying to scam you. No real business or government agency will ever insist you pay them with a gift card.  Anyone who demands to be paid with a gift card is a scammer.

    What Gift Card Scams Looks Like

Gift cards are for gifts, not for payments. But they’re popular with scammers because they’re easy for people to find and buy, and they have fewer protections for buyers compared to some other payment options. They’re more like cash: once you use the card, the money on it is gone. Scammers like this.

If someone calls you and demands that you pay them with gift cards, you can bet that a scammer is behind that call. Once they have the gift card number and the PIN, they have your money. Scammers may tell you many stories to get you to pay them with gift cards, but this is what usually happens:

  • The caller says it’s urgent. The scammer says you have to pay right away or something terrible will happen. But you don’t, and it won’t.
  • The caller usually tells you which gift card to buy. They might say to put money on an Walmart, Target, or Apple gift card. They might send you to a specific store — often Walmart, Target, CVS, or Walgreens. Sometimes they say to buy cards at several stores, so cashiers won’t get suspicious. And, the caller might stay on the phone with you while you go to the store and load money onto the card. These are all signs of a scam.
  • The caller asks you for the gift card number and PIN. The card number and PIN on the back of the card let the scammer get the money you loaded onto the card. And the scammer gets it right away.
    How Scammers Convince You to Pay with Gift Cards

Scammers pretend to be someone they’re not to convince you to pay with gift cards. They want to scare or pressure you into acting quickly, so you don’t have time to think or talk to someone you trust. Here’s a list of common gift card scams and schemes:

  • The caller says they’re from the government — maybe the IRS or the Social Security Administration. They say you have to pay taxes or a fine, but it’s a scam.
  • Someone calls from tech support, maybe saying they’re from Apple or Microsoft, saying there’s something wrong with your computer. But it’s a lie.
  • You meet someone special on a dating website, but then he needs money and asks you to help him. This romance scammer makes up any story to trick you into sending him gift cards.
  • The scammer pretends to be a friend or family member in an emergency and asks you to send money right away — but not tell anyone. This is a scam. If you’re worried, hang up and call your friend or relative to check that everything is all right.
  • Someone says you’ve won a prize but first, you have to pay fees or other charges with a gift card. Remember: no honest business or agency will ever make you pay with a gift card. But also — did you even enter that sweepstakes?
  • The caller says she’s from your power company, or another utility company. She threatens to cut off your service if you don’t pay immediately. But utility companies don’t work that way. It’s a scam.
  • You get a check from someone for way more than you expected. They tell you to deposit the check, then give them the difference on a gift card. But that check will be fake and you’ll be out all that money.
    Report Fraud

If someone asks you to pay them with gift cards:

  • Report it to the Federal Trade Commission at ReportFraud.ftc.gov. Report it even if you didn’t pay. Your report helps law enforcement stop scams.
  • You can also report it to your State Attorney General.
  • If you lost money, also report it to local law enforcement. A police report may help when you deal with the card issuer.

--Information provided by Federal Trade Commission Consumer Advice website

Mobile Payment Apps: How to Avoid a Scam

You may have heard of mobile payment apps like Venmo, Cash App, or PayPal that let you send and receive money through your smartphone (or online). If you haven't used one before, here's how they work.

  • First, you download the mobile payment app, and create an account. You’ll have to choose a payment method or source of funds, like a bank account, a debit card, or a credit card.
  • Once you set up the account, you can send and receive money. When someone sends you money, the money doesn't go directly to your bank account. It gets added to your balance in the app. You can leave the money there to use later or transfer it to your bank account.
   How to Avoid Sending Money to Scammers

Some scammers may try to trick you into sending them money through a mobile payment app. That’s because they know once you do, it’s hard for you to get your money back.  Scammers might also pretend to be a loved one who’s in trouble and ask you for money to deal with an emergency. Others might say you won a prize or a sweepstakes but need to pay some fees to collect it.

Keep this advice in mind if you send money through a mobile payment app:

  • Don’t send a payment to claim a prize or collect sweepstakes winnings.
  • Don’t give your account credentials to anyone that contacts you.
  • Protect your account with multi-factor authentication or a PIN.
  • Before you submit any payment, double-check the recipient’s information to make sure you’re sending money to the right person.
  • If you get an unexpected request for money from someone you do recognize, speak with them to make sure the request really is from them — and not a hacker who got access to their account.
   What to Do if You Sent Money to a Scammer

If you find unauthorized payments or think you paid a scammer, here’s how to report it to the mobile payment app.

  • Cash App.    
    Cash App recommends chatting through their app for the fastest service. To do so, open the app, go to your profile, and choose Support. You can also get help through cash.app/help or by calling 1 (800) 969-1940.
  • Venmo.
    Venmo recommends chatting through their app for the fastest service. To do so, open the app, go to your profile, and choose Get Help. You can also email Venmo through their contact form or call them at 1 (855) 812-4430.
  • PayPal.
    Report it online through PayPal’s Resolution Center or call PayPal at 1 (888) 221-1161.

--Information from Federal Trade Commison's Consumer Advice website

 Tips to Help Safeguard Your Passwords:

If you’re like most people and recycle the same password, or use a close derivative of it, across multiple accounts, then you’re making things even easier for attackers and put yourself at additional risk of identity theft and fraud. The most common password of 2020 was ‘123456’, followed by ‘123456789’. Coming in at number four was the one and only ‘password’.

ESET’s Phil Muncaster's offers the following advice to help safeguard your passwords:

  • “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
  • “Avoid reusing your login credentials across multiple accounts and making other common password mistakes
  • “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
  • “Change your password immediately if a provider tells you your data may have been breached
  • “Only use HTTPS sites for logging in
  • “Don’t click on links or open attachments in unsolicited emails
  • “Only download apps from official app stores
  • “Invest in security software from a reputable provider for all your devices
  • “Ensure all operating systems and applications are on the latest version
  • “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”

--Information from KnowBe4 CyberHeist Newsletter & Blog

Tips for Online Shopping

With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.

  • Software Updates
    Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software is installed and up to date.
  • Password Protection
    Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.
  • Avoid Public Wi-Fi
    Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.
  • Know Your Vendor
    Stick to doing business with established companies you know. Legitimate vendors us Secure Socket Layer (SSL) to protect your information. 

 Tips to Avoid Becoming a Victim of Identity Theft

  1. Keep passwords secure and always shred documents that contain any sensitive information.
  2. Do not carry your social security card with you.
  3. Sign the back of your debit and/or credit cards.
  4. Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
  5. Never give any of your personal information to anyone you don't know or trust.
  6. Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
  7. Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
  8. Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
  9. Review your credit report annually to see if anything seems unusual, for example, like an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.
See Additional Safety Tips

 My Identity Has Been Stolen. Now What Do I Do?!

If you have been the victim of identify theft, here are some steps to help you get your life back on track:

  1. Place a fraud alert on your credit report.
    • When you place an alert on your credit, this will prevent any other account from being opened.
    • You can request a report to see if any charges seem suspicious.
  2. Close the accounts you think could be affected.
    • Contact someone in the fraud or security department of your financial institution.
    • Follow up in writing with copies of any supporting documents.
    • If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
  3. File a complaint with the Federal Trade Commission (FTC)
    • When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
  4. File a report with the local police department
    • Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.

 Ways to Protect Your ID

Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways a consumer can protect their ID's from theft:

Questions?

If you have any questions about any of the services we offer, please call us at 877-474-5511 or 712-933-5511, Email us, or stop in to see us during normal business hours.

Back to Top

Internet Explorer 11 is outdated. For improved security and optimized performance we highly recommend upgrading your browser. ChromeFirefoxEdge