Fraud Information Center

There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be. Let us help explain a few of terms we've been learning about here at Home State Bank.

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.

Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.

Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.

Smishing is a form of phishing that uses mobile phones as the attack platform. This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

Whaling is a cyberattack that involves impersonating a high-ranking executive to steal money or sensitive information from an organization. It is also known as "whale phishing"

Quishing is short for "QR Code Phishing" involves obtaining sensitive information or install malware by directing people to malicious websites or fake payment websites. 

Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.

Doxing is the action or process of searching for and publishing private or identifying information about a particular individual on the internet, typically with malicious intent.

Juice Jacking refers to the threat of malicious access gained to your phone or other USB devices when plugged into a public charging kiosk - such as at an airport or sporting event.

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Scareware is malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.

Passkey is a digital credential, tied to a user account and a website or application.  Passkeys allow users to authenticate without having to enter a username or password, or provide any additional authentication factor.

Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

Artifical Intelligence (AI) is a technology that allows you to generate, classify, and perform tasks like image analysis and speech recognition. AI encompasses a range of technologies, including machine learning, that allow computers to perform tasks requiring human cognitive functions, such as understanding language, recognizing objects, making recommendations, and controlling autonomous vehicles.

Protecting Older Adults from Costly Scams

Criminals are more sophisticated than ever with how they target older adults, and many of the most heartbreaking scams start with a fake emergency involving a grandchild. These scams work because they play on emotions and instinct. Fraudsters count on grandparents’ desire to help their families, and they use urgency and fear to cloud judgment.

Know the red flags and educate relatives

One of the most common scams involves a phone call from someone pretending to be a grandchild – or claiming to be with law enforcement or a hospital calling on the grandchild’s behalf. The message is typically urgent, saying someone is hurt, arrested or stranded and needs money right away. These calls often come with instructions to stay on the phone, not tell anyone else, and send money fast.

Scammers will do everything they can to make the story seem real. Some use fake caller ID to make it look like the call is coming from a police department or medical office. Others may use tools to impersonate a grandchild’s voice.

Let elderly relatives know that any request for secrecy or urgency is a red flag. Remind them to hang up and call the number they know to verify before acting. It’s the safest way to confirm whether a call is real.

FBI Issues Guidance for Avoiding Deepfake Scams

The FBI and the American Bankers Association (ABA) have issued a joint advisory warning of the growing threat posed by AI-generated deepfake scams.

“Criminals may pose as loved ones, government officials, law enforcement personnel, or even celebrities, often using fear and urgency to convince victims to send money or share sensitive information,” the advisory says. “According to the FBI, more than 4.2 million fraud reports have been filed since 2020, resulting in over $50.5 billion in losses, with a growing portion stemming from deepfake scams.”

FBI Criminal Investigative Division Assistant Director Jose A. Perez stated, “The FBI continues to see a troubling rise in fraud reports involving deepfake media. Educating the public about this emerging threat is key to preventing these scams and minimizing their impact. We encourage consumers to stay informed and share what they learn with friends and family so they can spot deepfakes before they do any harm.”

The advisory outlines the following red flags associated with deepfake images and videos:

• “Blurry or distorted facial features

• Unnatural blinking or facial movements

• Audio-video mismatches

• Flat or robotic voice tones

• Odd lighting or shadows.”

Five ways to help you cut down on unwanted calls

If you feel like you get more than your share of unwanted calls, you're not alone. To slow down these persistent calls - some of which lead straight to scams - take a few simple steps.

• Register your phone number for free in the National Do Not Call Registry. Registering will likely cut down how many unwanted calls you get. Unfortunately, it won’t stop calls from scammers to your home and mobile phone — and there are still organizations and groups allowed to call you.

• Hang up on robocalls.  Getting a lot of recorded messages trying to sell you something? Odds are the calls are not legal. Don’t press any numbers or call back. Instead, hang up and report them at DoNotCall.gov.

• Use your phone’s built-in features. Many cell phones have settings that let you block calls from specific numbers or send certain calls straight to voicemail, especially if they come from a phone number you don’t recognize.
• Research apps to filter calls before downloading. Some call-blocking apps are free, while others charge. At ctia.org, you can see wireless industry lists of call-blocking apps. See what independent experts are saying and check the ratings and reviews on your online app store before you decide on a call-blocking app.

Learn more about how to stop unwanted calls at ftc.gov/calls.

Before you donate, find out where the money is going

Would you donate to a cause if the fundraiser lied about how the money would be spent? Probably not. But that’s what the FTC says Kars-R-Us.com, Inc. (“Kars”) did when it collected vehicle donations on behalf of a supposed breast cancer charity.

In a settlement announced today, the FTC says Kars raked in millions of dollars soliciting donations through TV, radio, and online ads, in English and Spanish. It claimed proceeds would go to United Breast Cancer Foundation (UBCF) to “save lives” by offering free or low-cost breast cancer screenings. But of the $45.5 million Kars raised for UBCF between 2017 and 2022, UBCF spent less than 1% to pay for breast cancer screenings.

Spot an ad for a charity you want to donate to? Here’s how to find out whether it’s legit and will support programs you care about:

--Information from KnowBe4 CyberHeist Newsletter & Blog

If you have been the victim of identify theft, here are some steps to help you get your life back on track: