Security Education
You can take definitive steps to keep yourself and your finances safer. Start by reading (or watching) what the Federal Deposit Insurance Corporation (FDIC) has to say about it.
Take Steps to Keep Yourself Safe Online
At Home Federal Bank, we uphold the highest cybersecurity standards to keep your information safe. Scams and fraud come in many shapes and sizes. If you suspect fraud on your account, contact us directly and speak with a representative at 865-546-0910.
Online Security
The internet offers access to a world of products and services, entertainment, and information. At the same time, it creates opportunities for scammers, hackers, and identity thieves. Learn how to protect yourself from malware, spam, social engineering scams, and denial of service attacks.
Malware is any software used to disrupt computer operations, gather sensitive information, or gain unwanted access to your PC. There are many types of malware infections, such as viruses, worms, Trojans, spyware, and adware.
- Virus – A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be “infected”. Viruses often require some sort of user action (opening an email attachment or visiting a malicious website).
- Worm – A worm is a type of virus that can spread without human interaction. Worms often spread from computer to computer and take up valuable memory and network bandwidth, which can cause a computer to stop responding.
- Trojan – A Trojan horse is a malware computer program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. Trojan horses can be included in software that you download.
- Spyware – Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.
- Adware – Software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Spam is electronic junk mail or junk newsgroup postings usually sent in bulk to a large number of random accounts. Spam emails often contain ads for products and services.
Social engineering is the act of tricking someone into divulging confidential information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions. Social engineering scams are often associated with phishing, SMiShing, and vishing. No matter how you are contacted – phone, e-mail, text message, or web – be wary of urgent appeals or outright demands that you provide personal data.
- Phishing – Phishing attacks use ‘spoofed’ emails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, Social Security numbers, etc. By hijacking the trusted brands of well-known financial institutions, online retailers and credit card companies, phishers are able to convince many recipients to provide personal and financial information.
- SMiShing – SMiShing is a form of phishing that uses mobile phone text messages to lure users into visiting fraudulent websites, calling a phone number, or downloading malicious content via phone or web.
- Vishing – Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward.
How does a DDoS Attack occur? A DDoS Attack is launched by a collection of networked computers which are referred to as a “botnet.” Often compromised computers can be part of a botnet without the owner’s knowledge. This can create further problems because the malicious traffic is coming from multiple IP addresses. The botnet is operated by a control server that tells the botnet when to send network traffic to the target website. With enough traffic, the target site is unable to process both the malicious traffic and the legitimate traffic.
Can a DDoS Attack be prevented? No, an attack cannot be prevented, but Home Federal can work with our website vendor to help mitigate the effect of a DDoS attack. Tactics generally involve analyzing inbound traffic to try to isolate the malicious traffic. Once isolated, the malicious traffic can be diverted, and traffic volume can be reduced to a normal level.
Fraud Prevention
Sadly, fraud is all too common in our world today and personal information is more vulnerable than ever. Anyone who uses the internet is a potential target for fraudsters. It’s not always easy to identify online fraud, but knowing how to protect yourself against cybercrime can be your number one defensive measure. The tips below provide basic information on how you can keep yourself and your computer safe.
- Avoid clicking on links inside of emails.
- Never open attachments unless you know the contents of the file. If you do not know the sender or are not expecting the attachment, delete it.
- Be suspicious of any email / text message / phone call with urgent requests for personal financial information.
- Don’t use the links in an email / text message to get to any web page, if you suspect the message might not be authentic. Don’t use the contact information in a suspect phone call requesting information – instead initiate the call yourself using known contact information.
- Ignore anything that comes by unsolicited email or as a pop-up such as contests, invitations to join a club, insurance, vacations, or other offers.
- Avoid filling out forms in email messages that ask for personal financial information. Do not provide your User ID, security word, PIN number, password, or other personal identifying information in an email.
- Always ensure that you’re using a secure web site when submitting credit card or other sensitive information via your Web browser. It should start with https:// which means that it uses encryption to protect your data.
- Use a unique password for each website, especially sensitive accounts.
- Enable two-step verification for sensitive websites and services.
- Only access the internet through a known, trusted and secure connection.
Did You Know?
You are personally responsible for the checks and money orders you deposit, not the financial institution. This is because you are in the best position to determine how risky the transaction is since you are dealing directly with the person issuing the payment.
Protect Yourself and Your Money
If you can answer “yes” to any of the following questions, you could be involved in a fraud or about to be scammed!
- Is the CHECK from an item you sold on the Internet, such as a car, boat, jewelry, etc?
- Is the amount of the CHECK more than the item’s selling price?
- Did you receive the CHECK via an overnight delivery service?
- Is the CHECK connected to communicating with someone by email?
- Are you receiving PAY or a COMMISSION for facilitating money transfers through your account?
- Have you been asked to PAY money to receive a deposit from another country such as Canada, England, or Nigeria?
- Have you been instructed to “WIRE”, “SEND”, OR “SHIP” MONEY, as soon as possible, to a large U.S. city or to another country, such as Canada, England, or Nigeria?
- Have you been informed that you were the winner of a LOTTERY, such as Canadian, Australian, El Gordo, or El Mundo, which you did not enter?
- Is the CHECK drawn on a business or individual account that is different from the person buying your item or product?
- Did you respond to an email requesting you to CONFIRM, UPDATE, OR PROVIDE your account information?
Types of Account Fraud include Checking, Credit Card, ATM
Account fraud is one of the fastest growing crimes in the nation. Home Federal Bank has safeguards to help prevent and detect account fraud, but it is YOUR knowledge, awareness and alertness that are the most important first lines of defense in preventing fraud.
Common Fraud Scams
- Telemarketing Fraud
- Nigerian Letter or “419” Fraud
- Identity Theft
- Advance Fee Schemes
- Health Care Fraud/Health Insurance Fraud
- Redemption/Strawman/Bond Fraud
Investment-Related Scams
- Letter of Credit Fraud
- Prime Bank Note Fraud
- Ponzi Schemes
- Pyramid Schemes
Minimize Your Risks to Prevent Fraud
- Protect your account & personal information – never respond to unsolicited requests for this information, whether it’s over the phone, through the mail or via the Internet.
- Online, only provide your credit card number on a secure web page, which is identified by the small lock icon (& is locked) displayed in the lower right corner of the browser.
- Use a single credit card, with low credit limit, for Internet purchases.
- Do Not Send credit card information via e-mail or instant messenger – neither is secure.
- Do Not Have confidential information preprinted on your checks.
- Report any lost or stolen credit cards or checks to the issuing institution immediately.
- Shred any documents containing confidential information, including unused checks (even if the account was closed), ATM receipts and old credit card receipts, before disposal.
- Review all account and credit card statements once they are received to determine that no account irregularities are apparent.
- Notify your bank if newly ordered checks or your regular statements do not arrive in a timely manner. A missing statement may mean someone has changed your billing address to prevent you from seeing fraudulent transactions.
- Deposit outgoing mail directly into post office boxes, not in your own mailbox. If you are going on vacation, place a delivery hold on your mail.
- Carry a minimum number of ID and credit cards. Do not carry your social security card, PIN numbers or passwords in your wallet or purse and make copies of all items that you do carry.
- Cancel and destroy any credit cards that you don’t need or use. View your credit report at least once a year.
For More Information Visit the FBI Fraud Center
- Monitor and review your banking account and statements. Regularly log into your online accounts and check your financial, credit and debit card statements to ensure that all transactions are legitimate.
- Check for any suspicious transactions and report them immediately.
- Guard your cards carefully to make sure no one steals your numbers. Chip cards are more secure than those with only the magnetic strip, so if you haven’t already made the switch, now is a good time to do it.
- Sign the back of your debit or credit card on the signature panel as soon as you receive it.
- You should also be cautious about using ATMs anywhere other than your bank. Hackers can sometimes tamper with these third-party ATMs with devices called skimmers that steal your information.
- Report lost or stolen cards immediately.
- Never give out your debit or credit card number or personal information over the phone unless you initiated the call and verified who you are dealing with.
- Never store your card numbers online. Instead, consider using a service like PayPal to avoid inputting your debit card number on a third-party website when online shopping.
- Set up alerts on your account through Online Banking so you can monitor activity even if not logging into the system.
- Install security and antivirus protection. Firewalls, antivirus, and other protection devices help keep a computer safe. These tools are important in order to protect your computer and data. A good firewall is critical if you commonly access the Internet via a wireless connection.
- Keep your operating system, browsers and other critical software optimized by installing patches and updates.
- Sign off, shut down, disconnect. Always sign off or logout from your online banking session or any other Web site that you’ve logged into using a user ID and password. When a computer is not in use, it should be shut down or disconnected from the Internet.
- Create secure backups of important data on a regular basis.
- Someone sends you a check or money order, then asks you to deposit the item into your account and wire transfer money out of your account
- Requests money using your credit or debit card number
- Asks you to purchase gift cards to send them
- Receiving notice that you have won a lottery, sweepstakes, or car
- Being asked to cash a check/money order or to allow transfer of funds to your account, and then offered to keep a percentage of the funds
- Clicking on a pop-up message that says your computer has a virus and you need to pay to fix it and they request your card number for payment
- Receiving a phone call and you are told that you owe back taxes and can pay them by purchasing gift cards from online merchants and you must send the gift cards to them
- Receiving a phone call and you are told a relative has been put in jail and you can get them out by sending them gift cards or bitcoins
Elder Fraud
While fraud scams can happen to anyone, elderly people are targets for even more fraudulent activity specific to their age group. They’re generally known for being more trusting, good-natured and kind-hearted people, leaving them more susceptible to types of fraud like phone scams or wire transfer fraud. Many scammers call offering lottery winnings, sweepstake prizes, or even health care services. These false promises help them gain access to financial and personal information.
- As a good rule of thumb, make sure seniors ignore anything that comes by unsolicited email or as a pop-up such as contests, invitations to join a club, insurance, vacations, or other offers. The same holds true for installing software; free apps downloaded from pop-ups are almost always riddled with malware that can steal their personal information and compromise a system.
- Do not respond to scammers; for instance, if they receive email spam about their bank account information and they do not actually have an account with that company, they should not respond saying that they do not have such an account, as this validates that their email and identity are real.
- If seniors shop or do banking online, make sure they keep an eye on the address bar and that the address looks correct. It should start with https:// which means that it uses encryption to protect your data. The address should also reflect the site they expect to visit.
- Following a link can take them to a site that mimics a legitimate one, but is designed to steal personal information, accept payments that will go to scammers, or implant malware into their system.
- When seniors set up a bank account, they should go to the actual bank, if possible, and set up their account there. This way, the bank also can help familiarize them with their particular security measures. Ask bank representatives if they have an alert system that will text or call if someone compromises their account.
- If seniors are having trouble with their computer, seek professional assistance. They should not engage with people over the internet to repair their computer unless they know the individual. Be aware that imposters will impersonate notable brands and companies.
- Make sure seniors find a friend or relative who can help them if they get stuck with something they don’t understand or aren’t sure about.
Mobile Security
Your smartphone has a lot in common with your computer, and criminals know you’re literally carrying a small PC in your pocket and will do all they can to access your personal information. By following a few simple steps, you can dramatically reduce your risk of having your money and identity stolen.
- Password-protect your smartphone. Set your phone to use a longer and stronger password than the default 4-digit unlock code if this option is available on your phone.
- Always lock your phone when it’s not in use. Set your phone to automatically lock after being idle for a set amount of time.
- Set your phone to erase all data after 10 bad password attempts.
- Clear data from your smartphone frequently.
- Always download apps from reputable sources.
- Remove personal information before replacing your smartphone. Delete text messages from financial institutions, especially before sharing, discarding, or selling your phone.
- Be careful using unsecured “public” wireless networks. Unsecured networks may allow hackers to distribute malicious code to your devices or even intercept your personal details.
- Be aware of risks associated with jailbroken devices. Jailbreaking your device removes restrictions from your device in order to install unauthorized software or to customize its features. By jailbreaking your device, you remove the security restrictions enacted by the manufacturer, which help to keep your data safe.
What is Identity Theft?
Identity theft occurs when someone uses your identity or personal information—such as your name, your driver’s license, or your Social Security number—without your permission to commit a crime or fraud. Your identity and personal information are always at risk and can be stolen long before you realize you’re a victim. In most cases of identity theft, you don’t find out you are a victim until you review your credit card statement or receive notices in the mail about new accounts you didn’t open, charges you didn’t make, or until you’re contacted by a debt collector.
Being a victim of identity theft can affect you through immediate financial loss, damage to your credit, emotional distress, plus time and energy to resolve. Identity theft puts your personal information at risk, globally, to individuals and organized crime while going unnoticed.
That damage can result in late payments, harm done to your credit, and even IRS penalties requiring investigations and long-term assistance if you are a tax ID theft victim. It can also result in losing account access, having your personal accounts taken over by thieves and general loss of data privacy.
- Make your User ID and Password as long, secure, and complex as possible. Avoid using a password or a variation of a password that you already use on another website. Also, avoid using any variation of your name, or names of family members or pets, as these can sometimes be found on social media.
- Don’t send sensitive information via email unless it is encrypted.
- Never leave your computer unattended. Complete your banking tasks and end your web sessions by logging off.
- Be careful how much personal information you post online. When visiting social networks, remember that sharing information like your birth date, phone number, email address, location and photos can put your identity at risk.
- Never write down PINs and passwords.
- If you think you are a victim of identity theft, immediately submit a report about the theft to the Federal Trade Commission’s website.
- Call the companies where you know fraud occurred.
- Place a fraud alert and get your credit reports.
- Experian – 1-888-397-3742
- TransUnion – 1-800-680-7289
- Equifax – 1-888-766-0008
- File a report with your local police department.
- Close any new accounts that were opened in your name.
- Remove bogus charges from your accounts.
- Correct your credit report.
- Subscribe to an identity theft protection service.
Distributed Denial of Service (DDoS)
Many Financial Institutions have experienced Distributed Denial of Service Attacks. Here is some information regarding the attacks.
A Distributed Denial of Service Attack is an attempt to make a website unavailable to its intended users. These attacks follow a common formula of flooding the website server with external communication requests so that it cannot respond to legitimate traffic, or it responds so slowly that it is rendered effectively unavailable.
No, a DDoS Attack by itself does not involve any sensitive information being taken. The attack only makes the website unavailable and inconveniences those trying to access it.
No, DDoS Attacks are not unique to any particular service provider or any particular industry. During the first quarter of 2012, financial firms saw a threefold increase in DDoS Attacks over last year.
Phishing Information
Ever get an email about the status of your account? Perhaps it presented one of the following scenarios…
- We show your account is currently frozen/disabled due to some recent activity…
- Due to inactivity your account is about to be deleted from our system unless…
- To keep your account active, we need some information updated as soon as possible…
Welcome to the world of “phishing”. The message probably provided a link for you to access “your account” and “update” or “confirm” your information. The site you access may look exactly like the site of your trusted institution – but it isn’t them!
You have been directed to a site where you will be asked for personal account-related information so that fraudsters can gain access to this account, and potentially other accounts you own, and use the information to try to open credit accounts in your name.
Some tips for you to follow:
- Be wary of these types of messages. If ever unsure, contact us directly and speak with a representative at 865-546-0910.
- Never provide personal info via a link – even if the email looks legit, go directly to our website.
- Check your account activity so you can monitor activity even if not logging into the system.
- Set up alerts on your account through Online Banking so you can monitor activity even if not logging into the system.
- Set up the “Successful Log In” security alert so you know when someone has accessed your account.
Don’t get hooked by these attempts to access your information. We are here to help protect your accounts, but by taking action together, we can do an even better job.