Fraud Information Center

There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be. Let us help explain a few of terms we've been learning about here at Home State Bank.

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.

Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.

Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.

Smishing is a form of phishing that uses mobile phones as the attack platform. This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

Whaling is a cyberattack that involves impersonating a high-ranking executive to steal money or sensitive information from an organization. It is also known as "whale phishing"

Quishing is short for "QR Code Phishing" involves obtaining sensitive information or install malware by directing people to malicious websites or fake payment websites. 

Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.

Doxing is the action or process of searching for and publishing private or identifying information about a particular individual on the internet, typically with malicious intent.

Juice Jacking refers to the threat of malicious access gained to your phone or other USB devices when plugged into a public charging kiosk - such as at an airport or sporting event.

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Scareware is malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.

Passkey is a digital credential, tied to a user account and a website or application.  Passkeys allow users to authenticate without having to enter a username or password, or provide any additional authentication factor.

Spoofing is where a person or program disguises their identity by faking information, such as an email address, phone number, or IP address, to appear as a trusted source. The goal is to gain a victim's trust to steal sensitive information, money, or spread malware. It can take many forms, including but not limted to, fake websites, emails, phone calls, and even faked GPS signals.

Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

Artifical Intelligence (AI) is a technology that allows you to generate, classify, and perform tasks like image analysis and speech recognition. AI encompasses a range of technologies, including machine learning, that allow computers to perform tasks requiring human cognitive functions, such as understanding language, recognizing objects, making recommendations, and controlling autonomous vehicles.

Hang up on unexpected calls saying you owe back taxes.  Those are scams!

We’re seeing a big wave of reports about phone scams claiming you owe back taxes. But it’s not the IRS calling, it’s a scammer using a company name like “Tax Resolution Oversight Department.” If someone calls you out of the blue offering to help you fix a tax issue, hang up. Here’s how to spot the scam.

It starts with an unexpected call from the “Tax Mediation and Resolution Agency,” or another official-sounding (but fake) government agency. They’ll say you haven’t paid your taxes and offer to connect you with a “tax resolution officer,” who can do a “red flag check” on your credit and help you apply for an “IRS liability reduction program.” But those aren’t real programs and that’s your sign to end the call. Some scammers leave a voicemail saying, “This may be our only attempt to reach you” hoping you’ll call back right away. But it’s all part of the story to steal personal information like your Social Security number — or in some cases, charge you an illegal upfront fee for tax debt relief that doesn’t actually help.

Help kids protect their devices

Online safety starts with protecting your kids’ devices from hackers and scammers.

Here are some steps to keep kids safer while they’re on a phone, tablet, or laptop. Consider taking these steps on your kids’ behalf and, as they get older, teaching them how to secure their devices and build good online habits.

Learn more information about protecting kids online while enhancing their safety, privacy, and healthy development at ftc.gov/KidsOnline.

Microsoft Was the Most Impersonated Brand in Q4 2025

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo, and Coinbase.

“Scammers ramped up brand impersonation attacks throughout Q4 2025, timing their campaigns around when people are busiest online, shopping for deals, renewing subscriptions, or looking for jobs,” Guardio says.

“They targeted Microsoft, Facebook, Roblox, and McAfee by launching fake storefronts during Black Friday, sending delivery scams throughout December's package delivery rush, and running job scams as January job hunting picks up.”

Microsoft and Facebook are generally among the most commonly impersonated brands throughout the year, due to their massive userbases. Some of the other brands are more commonly targeted near the end of the year, during the holiday and tax seasons.

“For example, gaming platforms like Steam see heavy traffic during year-end holiday sales,” the researchers explain. “Phone and web service companies (AT&T, Google, Yahoo) get more attention in December when people check their accounts and renew subscriptions. Amazon gets targeted because of holiday shopping, while Coinbase gets hit when people review their crypto investments and prepare for tax season.”

Users should maintain a healthy sense of suspicion and be on the lookout for social engineering in order to avoid falling for these attacks.

“Staying safe requires consistent vigilance,” Guardio says. “Verify sender authenticity before clicking links, checking for domain misspellings or suspicious extensions. Navigate to official websites independently rather than using links in messages. Enable two-factor authentication on all accounts. Most importantly, pause before acting on urgent messages. Scammers count on people acting fast without thinking.”

Protecting Older Adults from Costly Scams

Criminals are more sophisticated than ever with how they target older adults, and many of the most heartbreaking scams start with a fake emergency involving a grandchild. These scams work because they play on emotions and instinct. Fraudsters count on grandparents’ desire to help their families, and they use urgency and fear to cloud judgment.

Know the Red Flags and Educate Relatives

One of the most common scams involves a phone call from someone pretending to be a grandchild – or claiming to be with law enforcement or a hospital calling on the grandchild’s behalf. The message is typically urgent, saying someone is hurt, arrested or stranded and needs money right away. These calls often come with instructions to stay on the phone, not tell anyone else, and send money fast.

Scammers will do everything they can to make the story seem real. Some use fake caller ID to make it look like the call is coming from a police department or medical office. Others may use tools to impersonate a grandchild’s voice.

Let elderly relatives know that any request for secrecy or urgency is a red flag. Remind them to hang up and call the number they know to verify before acting. It’s the safest way to confirm whether a call is real.

Use a Family Password to Stay Ahead

--Information from KnowBe4 CyberHeist Newsletter & Blog

If you have been the victim of identify theft, here are some steps to help you get your life back on track: