Understanding Identity Theft

Criminals can steal your identity in many ways and new avenues are being invented all the time. Identity theft involves someone using your personal information, including your name, social security number, credit card, or even bank account numbers to open accounts or run up bills in your name.

How thieves get your information

Dumpster Diving

Despite all the high-tech innovations and advancements available to identity thieves, old-fashioned “dumpster diving” – literally digging through your trash – remains a popular method for stealing large amounts of your personal information. We suggest using online banking, bill pay and shredding sensitive information to prevent such attacks.

Social Engineering

In a social engineering, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person or researcher, and even offering credentials to support that identity. If an attacker is not able to gather enough information from one source, he or she may glean other sources and rely on the information from the first source to add to his or her credibility.


Phishing is a con game that scammers use to collect personal information from unsuspecting users. They send out e-mails that appear to come from legitimate websites such as eBay, PayPal or other banking institutions. The e-mails state that your information needs to be updated or validated and ask that you enter your username and password, after clicking a link included in the e-mail. Some e-mails will ask that you enter even more information, such as your full name, address, phone number, social security number and credit card number. However, even if you visit the false website and just enter your username and password, the phisher may be able to gain access to more information by just logging in to your account.

The false e-mails often look surprisingly legitimate and even the Web pages where you are asked to enter your information may look real. Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information.


Vishing scams are similar to phishing scams in that criminals use these scams to attempt to steal personal and bank account information from unsuspecting individuals. A vishing scam uses VoIP (Voice over Internet Protocol), a technology that allows phone calls to be made and received over the internet. A scammer doing vishing will either send out e-mails that mimic your bank or credit card company's website and e-mails or set up an automated calling system that will call your home and sound like it is coming from your bank or credit card company.


Pharming is yet another way hackers attempt to manipulate users on the Internet. While phishing attempts to capture personal information by getting users to visit a fake website, pharming redirects users to false websites without them even knowing it.

While pharming is not as common as phishing scams are, it can affect many more people at once. If you visit a certain website and it appears to be significantly different than what you expected, you may be the victim of pharming. Restart your computer to reset your computer setting, run an antivirus program, and then try connecting to the website again. If the website still looks strange, contact your Internet Service Provider (ISP) and let them know their server may have been pharmed.

Shoulder Surfing

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.


Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobile device with out your consent. These files can be installed on your computer by opening an infected email or downloading free software. These programs can cause your device to crash and can be used to monitor and control your online activity. Learn more…


Skimming involves a card-reading device used by a corrupt store/restaurant employee or placed over the real card slot on an ATM or gas pump. This device captures account information from the card. The criminal creates new cards using blank plastic card stock (even inactivated gift cards), which are then used to make withdrawals from the victims’ accounts. A way to avoid this type of attack is simply to use cash when making such purchases.

What they do with it

Online Account Takeover

Online account takeover is when cyber-thieves gain control of a person’s bank account by stealing the person’s valid online banking credentials. The cyber-thieves use the sessions to initiate funds transfers by ACH or wire transfer to other bank accounts.

See Protect Your Identity for tips on how you can protect yourself against identity theft. Home Federal Bank adheres to strict online security measures to further combat this type of fraud.

Offline Account Takeover

Offline account takeover is when a thief collects personal identity information they’ve stolen from a legitimate customer by various means (dumpster diving, etc.). The thief uses this information to impersonate the victim over the phone or in person to attempt wire transfers out of the victim’s bank account, change the victim’s mailing address with the bank, or order a new card to activate. See Protect Your Identity for tips on how you can protect yourself against identity theft. Home Federal Bank adheres to strict identification measures to further combat this type of fraud.

Debit Card Fraud

Criminals collect debit card numbers through various means (dumpster diving, skimming, unsecure websites, etc.) or steal the debit card itself to initiate withdrawals from the victim’s account. Enroll in online banking and regularly review your transactions for any unauthorized transactions. If you have a lost or stolen debit card or notice any unauthorized transactions, immediately contact us at 1-800-244-2149 or call MasterCard directly at 800-554-8969.

Loan Fraud

Fraudulent loans include those applying for a loan with a fake identity, forging loan documentation, or even posing as a financial institution in order to collect a down payment on an alleged loan, and disappearing after receiving the cash.

Watch your credit report for any loans you didn’t apply for and promptly report any discrepancies.

*PLEASE NOTE -- Links to other websites are provided as a convenience to our customers and visitors. However, the availability of these sites is not under our control. Home Federal Bank is not responsible for the content, nor does it endorse any of the products or services promoted. Also, the privacy policies and practices of these websites may differ from Home Federal Bank’s privacy policy.

Home Federal offers Personal Banking, Business Banking, Ag Lending , Home Loans, Trust and Asset Management, and Investments. With so much to offer, learn what Home Federal can do for you.

Community. Driven. Banking.
800-244-2149 | www.homefederal.com
Member FDIC | Equal Housing Lender | A subsidiary of HF Financial Corp | NASDAQ: HFFC