Home State Bank Logo

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Stay Informed

We strive to provide our customers with the most up to date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed. Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.

  Glossary of Terms

There have been a few new words and phrases being thrown around lately in terms of fraud. Without knowing what these terms mean, it can be more confusing than it needs to be. Let us help explain a few of terms we've been learning about here at Home State Bank.

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing and spear phishing, are examples.

Phishing (pronounced fishing) is a hacking technique that is the digital equivalent of “casting a net.” Phishing campaigns don’t target victims individually—they’re sent to hundreds, sometimes thousands, of people. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.

Spear Phishing is highly targeted and targets a single individual. Hackers do this by pretending to know you. It’s personal.

Smishing is a form of phishing that uses mobile phones as the attack platform. This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.

Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

Phishbait is an email crafted to attract prospective phishing victims to open an email and follow a malicious link.

Multi-Factor Authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. When you sign into an account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

Juice Jacking refers to the threat of malicious access gained to your phone or other USB devices when plugged into a public charging kiosk - such as at an airport or sporting event.

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Scareware is malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.

Whaling is a cyberattack that involves impersonating a high-ranking executive to steal money or sensitive information from an organization. It is also known as "whale phishing"

Passkey is a digital credential, tied to a user account and a website or application.  Passkeys allow users to authenticate without having to enter a username or password, or provide any additional authentication factor.

Doxing is the action or process of searching for and publishing private or identifying information about a particular individual on the internet, typically with malicious intent.

  Fraud Alerts

Updated May 12, 2025

Scam Alert: QR Code on an Unexpected Package

An unexpected package from an unknown sender arrives in your name. You open it and find a note that says it’s a gift, but it doesn't say who sent it. The note also says to scan a QR code to find out who sent it — or to get instructions on how to return it. Did someone really send you a gift? Or is it an attempt to steal your personal information?

If you know it’s really a gift, you can keep it. But know that the unexpected package could be a new twist on a brushing scam that could steal your personal information. If you scan the QR code, it could take you to a phishing website that steals your personal information, like credit card numbers or usernames and passwords. It could also download malware onto your phone and give hackers access to your device. If you scanned the QR code and entered your credentials, like your username and password, into a website, change your password right away. Create a strong password that is hard to guess, and turn on two-factor authentication. If you’re concerned someone has your personal information, get your free credit report at AnnualCreditReport.com. Look for signs that someone is using your information, like accounts in your name you don’t recognize.

Also review your credit card bills and bank account statements and look for transactions you didn’t make. And consider taking other steps to protect your identity, like freezing your credit or putting a fraud alert on your credit report. If you think someone stole your identity, report it, and get a personal recovery plan at IdentityTheft.gov.

--Information provided by BankOnIT Information Security Brief

Think that text message is from USPS?  It could be a scam

Have you ever gotten a text message about a package coming via the United States Postal Service? Maybe it confirmed your order, said a package is out for delivery, or said there's a problem like unpaid postage, a missed delivery, or you need to update your shipping preferences. That text message will say to click a link to learn more or fix the problem. But there's a good chance that text message that says it's from USPS (or FedEX...or DHL...) is really from a scammer.

Scammers want you to click the link in their message. What happens next is the scam: the click takes you to a look-alike of a real website where they'll tell you to enter personal or financial information. It will go straight to the scammer if you pay that money, along with your credit card number, name, address, and anything else you entered.

To Avoid This Scam:

  • Verify delivery information independently. If you think a text is about a real delivery, don't give information or click on any links in the message. Instead, go to the online retail site or account from which you ordered your item to look up your package's shipping and tracking information.

  • Use filters. See what options your mobile phone has to filter and block texts from unknown senders.

  • Report unwanted text messages and scams on the messaging app you use. See if your phone has an option to report junk or spam. If not, forward the message to 7726.

--Information provided by BankOnIT Information Security Brief

Give to a charity, not a scam

There’s no shortage of good causes to donate to. But before you give somewhere new, make sure you’re not donating to a scam.

Scammers are pros at tricking people into donating. They’ll often even use names that sound a lot like other charities you’ve heard of to get your money. Here’s how to make sure your money is going to support the cause you care about:

  • Don’t be rushed or pressured into giving, especially over the phone. If it’s a request to donate on social media, take the time to make sure the person who shared it with you knows the organization or person fundraising.
  • Research the charity before you give. Search the name plus “complaint,” “review,” “rating,” or “scam.” Organizations like the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Watch, or Candid also let you research charities.
  • Don’t trust your caller ID. Technology makes it easy for scammers to fake caller ID information. Calls can look like they come from your local area code, or from a specific organization, even if they don’t. In reality, the caller could be anywhere in the world.
  • Check out the charity’s website. Does it give you details about the programs you want to support or how it uses donations? How much of your donation will go directly to support the programs you care about? If you can’t find detailed information about a charity’s mission and programs, be suspicious.
  • Pay attention to how you pay. If a charity asks you to pay with cryptocurrency, by wiring money through Western Union or MoneyGram, with a payment app, or with a gift card, it’s likely a scam. Donating by credit card or check is safer.
  Tips to Help Safeguard Your Passwords:

We strive to provide our customers with the most up to date information we can, to help prevent anyone from being a victim of fraud. While we can't guarantee this will never happen, we will do our best to keep our customers informed. Please always remember Home State Bank will never call you asking for personal information such as account numbers, social security numbers, etc.

ESET’s Phil Muncaster's offers the following advice to help safeguard your passwords:

  • ESET’s Phil Muncaster's offers the following advice to help safeguard your passwords:
  • “Use only strong and unique passwords or passphrases on all your online accounts, especially your banking, email and social media accounts
  • “Avoid reusing your login credentials across multiple accounts and making other common password mistakes.
  • “Use a password manager, which will store strong, unique passwords for every site and account, making log-ins simple and secure
  • “Change your password immediately if a provider tells you your data may have been breached
  • “Only use HTTPS sites for logging in
  • “Don’t click on links or open attachments in unsolicited emails
  • “Only download apps from official app stores
  • “Invest in security software from a reputable provider for all your devices
  • “Ensure all operating systems and applications are on the latest version
  • “Never log-on to an account if you’re on public Wi-Fi; if you do have to use such a network, use a VPN”
  Tips for Online Shopping

With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.

  • Software Updates  

    Whether shopping from your laptop or tablet, make sure your operating system (OS) and antivirus software is installed and up to date.

  • Password Protection  

    Make sure you don’t use the same password for multiple accounts. When possible, use multi-factor authentication.

  • Avoid Public Wi-Fi 

    Public Wi-Fi networks are not secure and should never be used to conduct online shopping or banking transactions.

  • Know Your Vendor 

    Stick to doing business with established companies you know. Legitimate vendors us Secure Socket Layer (SSL) to protect your information.

  Tips to Avoid Becoming a Victim of Identity Theft

With more and more people doing their shopping online, the U.S. Department of Homeland Security has issued some general tips to keep shoppers safe.

  1. Keep passwords secure and always shred documents that contain any sensitive information.
  2. Do not carry your social security card with you.
  3. Sign the back of your debit and/or credit cards.
  4. Never provide a caller with your personal information such as your date of birth or your social security number. This information is not a requirement for placing an order at an e-commerce web site.
  5. Take advantage of electronic banking services, such as E-Statements, Online Banking, Mobile Banking. By using these services, you can avoid sensitive information being left in your mailbox.
  6. Know who you are dealing with before providing and confirming any personal information to mail order, telephone or internet merchants.
  7. Review your bank statements each month and know your billing cycles. If you know you have a bill due and you haven't seen the bill, call the company to investigate.
  8. Review your credit report annually to see if anything seems unusual, for example, like an account you didn't open or charges you didn't make. You are entitled to one free credit report a year.
  My Identity Has Been Stolen. Now What Do I Do?!

If you have been the victim of identify theft, here are some steps to help you get your life back on track:

1. Place a fraud alert on your credit report.
  • When you place an alert on your credit, this will prevent any other account from being opened.
  • You can request a report to see if any charges seem suspicious.
2. Close the accounts you think could be affected.
  • Contact someone in the fraud or security department of your financial institution.
  • Follow up in writing with copies of any supporting documents.
  • If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
3. File a complaint with the Federal Trade Commission (FTC)
  • When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
4. File a report with the local police department
  • Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.
ï„Č Ways to Protect Your ID

Under the Gramm-Leach-Bliley Act (GLBA) and Privacy Laws we are required to ensure the confidentiality of a consumer's information. Here are ways a consumer can protect their ID's from theft:

  • Monitor credit annually

  • Use a P.O. Box

  • Opt-out of junk mail / internal marketing lists / offers of credit

  • Enroll in the "DO NOT CALL" registry with FTC (Federal Trade Commission); it's FREE!

Questions?

If you have any questions about any of the services we offer, please call us at 877-474-5511 or 712-933-5511, Email us, or stop in to see us during normal business hours.

Questions?

If you have any questions about any of the services we offer, please call us at 

877-474-5511 or 712-933-5511, Email us, or stop in to see us during normal business hours.