Security & Fraud Prevention

Online fraud occurs when someone attempts or succeeds in obtaining your sensitive personal data by posing as a legitimate business or company, and then uses that information to conduct illegal transactions The most current type of online fraud is called “phishing” or “spoofing.” Fake emails, websites, and pop-up windows are all examples of “phishing” attempts by fraudsters. This fake e-activity can contain malware that could record your keystrokes in order to obtain your information.

Identity theft occurs when someone attempts or succeeds in obtaining your personal information, like your social security number, bank account number, or other identifiers, and then uses it to open new accounts or initiate transactions in your name. If granted the right information, an identity thief could open new credit cards, open new bank accounts, forge checks, or even apply for loans in your name, often resulting in financial loss and damage to your credit.

Common methods of obtaining private information for use in fraudulent activity or identity theft include:

• Stealing wallets, purses, and checkbooks
• Stealing mail from your mailbox
• Searching through trash for discarded documents
• Setting up email scams and fraudulent websites (phishing)
• Illegally accessing your computer systems (hacking)
• Using false pretenses via telephone (pretext calling)

NOTE: Any unsolicited request for your Home Federal banking account information you recieve through emails, websites, or pop-up windows should be considered fraudulent and reported to us immediately. 

“Scam” is the most common term for a dishonest scheme or fraud. Scammers are often after your personal data or money, and are continuously devising new methods of defrauding the general public. Common scams include:

Phishing

Online fraud occurs when someone poses as a legitimate company to obtain your sensitive personal data, it's commonly called "phishing." The most common methods of phishing include fake emails, websites, and pop-up windows (or any combination of the three). 

Always keep in mind that any unsolicited request for your Home Federal account information should be considered fraudulent and reported to us immediately. 

Phishing emails will often: 

• Ask you for personal information.  Fake emails often contain an overly generic greeting and may claim that you information has been compromised, that you account has been frozen, or ask you to confirm the authenticity of your transactions.
• Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered. 
• Contain fraudulent job offers. Some fake emails appear to be from companies offering jobs. These are often work-at-home accounting positions which are actually schemes that victimize both the job applicant and other customers. Be sure to confirm that the job offer is from a known and trusted company be another means of communication (phone, mail, in person, etc.) 
• Contain prize or gift certificate offers. Some fake emails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate, you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issues from a known and trusted company. 
• Link to counterfeit websites. Fake emails may direct you to counterfeit websites that are carefully designed to look real, but actually collect personal information for illegal use (or potentially infect your computer with a virus if visited). It is best practice NEVER to visit a website listed in an email if you suspect the email is fraudulent. 
• Link to real websites. In addition to links to counterfeit websites, some fake emails also include links to legitimate websites in an attempt to make a fake email appear real. Again, it is best practice NEVER to visit a website listed in an email if you suspect the email is fraudulent.
• Contain fraudulent phone numbers. Like website, some fake emails contain telephone numbers that are actually tied to the fraudsters to appear legitimate. They may even list legitimate phone numbers to try and trick you into thinking they're legitimate. It is best practive to always request additional contact information to legitimize the business if you feel it may not be fraudulent (i.e. mailing address, BBB listing, etc.), or avoid using any contact methods listed should you suspect the email to be fraudulent.

If you're unsure if the email is fraudulent or not, DO NOT REPLY TO IT OR FORWARD IT. Instead, print out the email and bring the printout to your nearest Home Federal to help determine if it is fraudulent. Unfortunately, if it seems like fraud, it probably is fraud.

If you respond to something with personal information and suspect fraudulent activity after the fact, call Home Federal at 888.489.5355 immediately.

Fraudulent Lottery Winnings

In this scam, you are sent a letter, email, or phone call stating you’ve won a lottery. The letter will request that you send an administrative fee in order to claim your winnings. It may even include a check to cover this fee. The check, however, is fraudulent.

Unsuspecting individuals deposit the fraudulent check, and subsequently wire funds to the “lottery administration.” The check is then identified by the bank as fraudulent, usually not until after the wire transfer has been completed. The unsuspecting individual is now responsible for the returned check. More often than not, there is no way to recover the money wired out.

Ways to know if it's most likely a scam: 

• If you don't recall entering into the lottery listed
• If the letter, email, or phone call states you've won a lottery outside of the U.S. (it's illegal to participate in foreign lotteries)

If you're still unsure, feel free to bring your letter to your nearest Home Federal to help determine if it is fraudulent. Unfortunately, if it seems too good to be true, it probably is fraudulent. 

ATM Skimming

In this scam, thieves install electronic devices (called skimmers) over the normal card reading slot in an ATM machine.

Skimmers record the data from the magnetic strip on the back of your card. A tiny camera hidden near the skimmer records you pin number as you enter it. The scammers then uses the information they’ve gathered from the skimmer and camera to manufacture counterfeit cards, make purchases, and withdraw money from your account.

Ways to protect yourself: 

• Use secure ATM machines under video surveillance or inside of a bank lobby. They're less likely to be tampered with. 
• Pay careful attention to what the card reader and keypad normally look like on the ATMs you use most frequently. 
• Don't use an ATM if the card reader appears to be added on, fits poorly, or is loose. Some thieves place a fake box over the card slot that reads and records account and PIN numbers. 

Call the customer service number on the ATM immediately if a machine appears suspicious or if it does not function properly. If you detect fraudulent activity on your debit card account, call us at 1.800.472.3272. 

Mystery Shopping/Job Scam

In this scam, an unsuspecting individual applies for a seemingly lucrative gateway job in the field of mystery shopping. It can work one of two ways:

1. An unsuspecting individual finds a mystery shopping job in a newspaper or on a website. He/She is instructed to “register” in order to accept a shopping job for a reputable company. The registration process includes payment of a fee for job certification, a company directory, or guaranteed work status. The individual has now provided the scammer with personal information AND payment.
    
2. An unsuspecting individual is “hired” as a mystery shopper. Their first assignment is to evaluate a money transfer service like Western Union or MoneyGram. The individual receives a check for deposit into their personal bank account. He/She is then instructed to withdraw the deposited funds and wire it to a third party – the scammer. Eventually the original deposit is identified as fraudulent, and the unsuspecting individual is now responsible for the returned check. More often than not, there is no way to recover the money wired out to the scammer.

E-Bay/Craigslist Scams

This is a check overpayment scam often occurring when an individual sells a car or other valuable item via an online auction site such as Ebay.com or Craigslist.com.

How it works: An unsuspecting individual posts a sale ad for a particular item or valuable. Someone responds to the ad and offers to pay for the sale item using a cashier’s check, personal check, or corporate check. At the last minute, the “purchaser” gives a false reason to write the check out for more than the listed purchase price, asking the seller to wire back the difference once the check has been deposited. Eventually the deposit is identified as fraudulent, and the unsuspecting individual is now responsible for the returned check. More often than not, there is no way to recover the money wired out to the scammer. 

Data Breach is the term used for an incident in which sensitive, protected client information has potentially been viewed or stolen by an unauthorized individual from a legitimate business or organization. This typically results in attempts by criminals to impersonate a bank, a retailer, or other organization. Criminals may ask you to provide personal information or account information by telephone, email, or fake website. Legitimate organizations, like Home Federal, will never ask you to provide account information. Please be on guard against these scams.

You can monitor your Home Federal accounts daily through our online banking portal or our Home Federal mobile app for any suspicious or unusual activity.

Home Federal offers our clients multiple layers of security protection against fraud. In most cases, clients are not responsible for any unauthorized purchases made on their Home Federal debit cards. Home Federal absorbs these costs. If you suspect fraud on your Home Federal accounts call 866.535.1223 during regular business hours or call 800.472.3272 after business hours.

The best way to protect yourself from fraud, identity theft scams, and data breaches is by preventing them.

Below you’ll find helpful tips on maintaining your security both online and offline.

Personal Identification Information

• Carry only necessary identification documents on your person. NEVER carry your social security card.
• If asked for your social security number, request the reason it is required. If possible, offer to give a different identifier.
• Photocopy the information you carry daily and keep copies in a safe deposit box.
• Shred any financial or personal documents prior to discarding them. If at all possible, limit paper trails by opting for e-Statements or paper receipts, and managing your accounts online.
• Receive and pay bills online with Bill Pay. If you must send a bill, or any other document containing personal information, by mail, use a U.S. Postal Service box instead of your home mailbox. 
• Collect mail from your home mailbox promptly to avoid mail theft.

Email Tips

• Delete suspicious emails without opening them. NEVER open an attachment or link without verifying the sender.
• Never provide sensitive or personal information in a response email. Home Federal will not request this information from you via email or pop-up window.
• Always use secure email when corresponding with your banker in regards to personal information.

Computer and Internet Tips

• Keep your Internet browser and computer operating system up-to-date.
• Install a personal firewall
• Install and update anti-virus software, and activate a pop-up blocker. Scan your computer regularly for spyware or adware and promptly remove any suspicious results.
• Beware of free Internet downloads. They may contain malware, or spyware and adware designed to allow pop-ups.
• Protect your passwords. Keep them in a secure place and out of plain sight. Never share them on the Internet, via email, or over the phone. Change passwords a minimum of 90 days, and never use the same password for multiple accounts.  
• Use passwords that are at least eight characters in length, and include numbers or symbols. Avoid using common words, your personal information, your login name, or adjacent keyboard keys as passwords.
• Use secure websites for transactions and shopping. Make sure the webpage you are viewing offers encryption of your data (check for a lock symbol in the lower right-hand corner of your browser window, or a web address that begins with https://)
• Avoid downloading programs from unknown sources.
• Shut down your computer whenever it is not in use

Check/Debit Card Transactions

• Use secure ATM machines under video surveillance or inside of a bank lobby.
• Refrain from using ATM machines where the card reader appears to be added on, fits poorly, or seems loose.
• Never cash a check of unknown origin. If you must accept a check form an unknown source (i.e. – someone purchasing something you’ve sold), ask that it be drawn on a local bank so you can verify funds prior to cashing it.
• Never wire funds to an unknown person for ANY reason.
• Do not accept checks written for any amount greater than your requested price when selling items.
• Throw away any offers that require you to pay for a prize or gift. 

As part of our commitment to protecting our clients from fraud, identity theft, scams, and data breaches, Home Federal practices and advises the following: 

Phone Etiquette

• When you call us, our staff will ask for your personal identifying information and information from your account to ensure it's you on the phone and not someone posing as you. 
• Our staff will never call you and ask for your account information. If someone else calls you asking for account information, do not provide it. 

Email Correspondence

• We will never request personal information in response to an email, or in an unsecured email. If you receive this type of email, consider it a scam and ignore.
• While email is a very convenient way to contact us, it is not secure and information sent in an email may be compromised. Never email us (or anyone else) your tax identification number or account numbers. If you want to provided some of this information for reference, please only provide the last 4 digits of your tax ID number or account number. Should you need to send full tax ID or account information (or if we need to send it to you), please always use secure email.
• Home Federal will only reference personal/sensitive information in secure email that requires you to log into to access.
• Home Federal does not use pop-up windows to request account information. If you see this, consider it a scam.

Online Security

• Home Federal requires a unique user ID/password combination for you to access your online banking account. We also require your password to be changed regularly to keep your account secure.
• Home Federal offers a secure online banking portal with Bill Pay service and e-statements to help eliminate paper trails. We suggest signing up for e-Statements if you haven't already!
• We do not allow you to access Online Banking in browsers that do not meet our security standards.
• We employ firewalls that limit access to only those clients providing the proper passwords when trying to access your online account.
• Home Federal encodes and scrambles online data exchanges using 128-bit key SSL encryption.

Debit Card Activity

• Home Federal monitors for potentially fraudulent activity on your debit card activity based on geographic location, purchasing habits, and typical spending range.
• If we see a transaction that is not part of your normal activity, you may receive a text message (if you have a cell number on file) and/or a phone call from us to verify that you, in fact, initiated the transaction. Any text message you receive will show as originating from Home Federal, and any phone calls may come from our automated system or from one of our staff. The text and/or phone call will ask you to verify the purchase and/or your identity, but we will never ask for your account number. Find out more about text alerts on our blog.
• Home Federal offers products like CardGuard and Mobile Wallet capabilities to help keep your debit card activity more secure. 

If you suspect that you are a victim of fraud or identity theft, take action immediately by following the steps outlined below.

IMPORTANT TIP: Always keep records of all conversations and correspondence.

1. Contact Home Federal and other banks you use:

   Report any fraudulent activity on your Home Federal accounts by calling us.

2. Contact major credit card bureaus:

   The fraud departments of the three main credit bureaus track the accounts opened in your name. You can request that a short or long-term “Fraud Alert” be placed on your credit file, which requires creditors to verify your identity prior to opening any new accounts in your name or changing any existing accounts. You only need to contact one bureau to do this – that bureau will notify the remaining two bureaus. If you want to place a credit freeze, see the credit freeze section for instruction. 
   
   Equifax: 1.800.525.6285 or www.equifax.com
   Experian: 1.888.397.3742 or www.experian.com
   TransUnion: 1.800.680.7289 or www.transunion.com
    

3. Obtain a free credit report:

   Credit bureaus must provide victims of identity theft with a free copy of their credit report. Request one from each bureau, since the information can differ. Review them carefully to see if any fraudulent accounts have been opened. If so, notify the credit bureau and the companies where accounts were opened to report the fraud directly. Once the dispute has been resolved, the credit bureau that you dealt with will send you another copy of your credit report for your review. Make sure all fraudulent activity has stopped and your file has been corrected.

4. Contact other creditors:

   Contact your other creditors including credit card and phone companies, as well as banks and other lenders, to notify them of potential fraud. Always follow up any telephone conversation with a letter. Close any accounts that have been breached and reopen them with new account numbers and passwords. We strongly suggest not using your Social Security number as either a username or password.

5. File a report with the local police:

   Contact your local police department if you suspect that your personal information was stolen. A police report will lend weight to your case when dealing with creditors who may require proof of criminal activity.

6. Contact other agencies as appropriate:

   Notify any other agencies that are involved with your claim. Common additional agencies or businesses to contact include the Postal Inspection Service, Social Security Fraud Hotline, retail stores (for fraudulent activity on store-specific credit cards), etc.
   
   Postal Inspection Service: www.usps.com. If you believe your mail was stolen or redirected, notify the Postal Inspector at your local post office. 
   Social Security Fraud Hotline: 1.800.269.0271. If you suspect someone is using your Social Security Number for fraudulent purposes, call the hotline.

Carefully review all of your accounts:

Since identity theft takes time to completely resolve, you should continue to carefully review all charges and transactions appearing on account statements and online. Any discrepancies should be reported immediately.

A credit freeze, or security freeze, provides you the piece-of-mind you seek if you are concerned about identity theft or someone gaining access to your credit report. This allows you to restrict access to your credit report – ultimately making it more difficult for personal identity thieves to open any new accounts in your name. 

How to place a Credit Freeze:

In order to place a credit freeze request, you must contact each of the credit reporting companies listed below.

Equifax: 1.800.525.6285 or www.equifax.com
Experian: 1.888.397.3742 or www.experian.com
TransUnion: 1.800.680.7289 or www.transunion.com

You must provide your name, address, date of birth, Social Security Number, and other personal information in order to successfully freeze your credit. After placement of your credit freeze, each of these companies will send you a special confirmation, including a PIN (personal identification number) or password. You will use either of these if you choose to remove the credit report freeze.

Can my credit report still be seen? 

Even if you freeze your credit, the following entities will still have access to it: 

• Existing creditors
• Debt collectors
• Government agencies

How to remove a Credit Freeze

Circumstances like acquiring a new job or applying for credit may lead you to want to lift your credit freeze for a temporary amount of time, or maybe you want to remove the freeze altogether. The length and cost to remove a freeze varies by state, and a credit reporting company is required to lift a freeze no later than 3 business days after receiving your request. 

A Credit Freeze and your Credit Score

When it comes to placing a credit freeze, you do not have to worry about it affecting your credit score. A credit freeze is a safe way to protect your personal identity and will not affect any of the following: 

• Opening a new account
• Applying for a job
• Renting an apartment
• Buying insurance

NOTE: For each of these, you must temporarily lift the freeze in order to proceed.

Know the difference between a Credit Freeze and a Fraud Alert

The difference between a credit freeze and a fraud alert is that a fraud alert will allow creditors to obtain a copy of your credit report if they verify your identity, and a credit freeze will lock down all your credit. Fraud alerts provide an effective way to stop someone from opening new credit accounts in your name, but may not prevent any unwanted use of your accounts. 

The following are 3 types of fraud alerts you should know: 

• Extended Fraud Alert: An extended fraud alert will protect the credit of the victims of identity theft for 7 years. 
• Initial Fraud Alert: Initial fraud alert will protect credit from unknown access for up to 90 days for those who haven't become a victim of identity theft, but are concerned. 
• Active Duty Military Alert: The active duty military alert will protect the credit of those who are deployed and will last 1 year. 

Identity theft is a serious issue, but there are many precautionary measures you can take to ensure your credit is safe and protected from unwanted access.