At HomeStreet Bank, your security is our top priority. That is why we urge caution when providing your personal information to anyone. HomeStreet Bank will never request your sensitive information by e-mail. Should you be contacted in such a manner for any reason, do not respond. Instead contact your local HomeStreet banker or our Customer Service Center at 800-719-8080 or 206-389-6309 in the Seattle area to report it.
User ID and password guidelines, tips to avoid phishing, spyware and malware, tips for keeping your wireless network safe, and more.
Here are simple steps to combat and thwart a potential cyber thief:.
- Stay alert online. Be sure computers and mobile devices are equipped with up-to-date anti-virus and malware protection. Never give out your personal financial information in response to an unsolicited email or phone call, no matter how official it may seem. Your bank will never contact you by email asking for your password, PIN, or account information. Only open links and attachments from trusted sources. When submitting financial information on a website, look for the padlock or key icon at the top or bottom of your browser, and make sure the Internet address begins with “https.” This signals that your information is secure during transmission.
- Mobilize your defenses. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially from senders you don’t know.
Criminals love to take advantage of the giving spirit during the holidays and will stoop to the bowels of the Earth to scam you out of your money. Some common tactics criminals use include fake charities, false advertisements of discounted goods, bogus coupons, and phishing with false delivery receipts or error notifications.
Be that as it may, criminals are no match for a well-informed and cautious shopper! Use the following tips to help keep yourself safe from fraud this season:
- Secure your mobile device and computer. Keep your software and operating system up-to-date with the latest patches and run anti-virus software where possible.
- Use a unique password for all merchant websites and keep your devices secured with a passcode or password.
- Don’t use public computers or public wifi for mobile banking or shopping. Attackers may have already installed malicious software on public terminals that could steal your information and when it comes to public wifi, that traffic is easily susceptible to interception.
- Pay by credit card. As a consumer you have better protection and less liability when paying for items with credit instead of debit.
- Use trusted merchants. Steer clear of websites and merchants you’ve never heard of, no matter how good the deal seems. If the deal is too good to be true, it probably is.
- Look for “HTTPS”. When making an online purchase, make sure the website is secure by looking for a locked padlock icon and the letters HTTPS at the beginning of the website address.
- Do not allow retailers to store your credit/debit card information with your account. Doing so increases your risk of being affected if a malicious actor is able to gain access to your account.
- Frequently review your bank statements. Always make sure only the purchases you’ve made appear on your statement. If something doesn’t look right, call us ASAP at 1-800-809-1377 or TTY/TDD 855-584-0256.
- Monitor your bank statements regularly. If you see anything suspicious or inaccurate, let us know right away!
- Be wary of PIN use. You have more protections when using your debit card as a credit card. Try to only use your PIN number at ATMs.
- Report lost or missing cards immediately. We’d rather send you a new card to be safe, than find out later that it was stolen and used fraudulently. For lost or stolen cards call: 800-719-8080 or TTY/TDD 855-584-0256
- Patch your devices and applications; this includes your personal computers, mobile devices, tablets, internet-connected TVs, and all software that you use. By updating to the latest software and operating system versions, you can significantly reduce your risk of an attacker taking advantage of known vulnerabilities.
- Use Anti-Malware software. HomeStreet has partnered with IBM to offer all online banking customers a free copy of Trusteer Rapport anti-fraud software.
Download Rapport for business use
Download Rapport for personal use
Mobile Devices - Smartphone and Tablet Security
Smartphones and tablets devices have a lot of great features to make banking at HomeStreet easier. It’s important that you think of your smartphones and tablets as any other computer, capable of performing financial transactions and just as susceptible to getting hacked.
As more and more people are using smartphones for financial applications, hackers are turning their attention to them. The same types of malware that can infect your laptop are finding their way into your smartphones and tablets.
Tips for Safe Mobile Banking:
- Set a password on your mobile device so no one else can access it.
- Don’t disclose personal information, account numbers, or passwords in text messages. Purge your text messages regularly.
- HomeStreet will never contact you via text message asking you to respond with account, login, password or other personal information. Don’t fall victim to a text purporting to be from us and requesting your account number(s), Social Security number, or other personal information.
- Don’t Bank and Drive.
- Use only reputable Wi-Fi hot spots that are password protected.
- Never store mobile banking login and passwords on your device.
- Phishing attempts can be sent via mobile e-mail or text message. Never open attachments or download files from unfamiliar sources.
- Be careful of apps you download. Download signed applications only from a trusted source. Look at the developer’s name, and check out reviews and star ratings.
- Install antivirus software. Many security software vendors now have a mobile version of their anti-virus solution.
- Visit only trusted web sites.
- Download a trusted app that can remotely wipe information from your lost or stolen device.
- Keep your device protected from view when using mobile banking applications.
- Turn off Wi-Fi™ and Bluetooth™ when your device is not in use, so hackers won’t have an opening to get in to your system.
- Don’t attempt to alter your smartphone manufacturer’s security settings. “Jailbreak” or “Root” your smartphone will void your warranty, and make the phone much more vulnerable to attacks.
- Delete all Mobile Banking Apps, and personal information if you sell or discard your smartphone or tablet. This includes e-mails, text messages, photographs, contact details and Internet links. Login to HomeStreet Online Banking application on your PC, click Customer Service tab, click Manage Mobile Banking Settings, select your device and either Disable Device or Remove Device
If your mobile device is lost or stolen:
If you have any questions, or if we can help you in any way, please feel free to contact us at Corporate Information Security.
- Change your password immediately. Log in to HomeStreet Online Banking from your PC and change your Online Banking password.
- While in the HomeStreet Online Banking application, click Customer Service tab, click Manage Mobile Banking Settings, select your device and either Disable Device or Remove Device.
- Watch your account closely for unauthorized transactions.
- Remotely wipe your device, if you can.
- Report the loss to your carrier and ask them to disable the device.
- Contact HomeStreet to let us know about the loss. We can discuss additional security options with you.
Green Bar Means Safer Online Banking with HomeStreet
HomeStreet Bank uses enhanced security to help keep online banking customers safe. HomeStreet uses Extended Validation SSL from VeriSign®, a trusted provider of Internet infrastructure services for the networked world, to provide added assurance that our web site is authentic. When visiting our Web pages, the URL address bar turns green, a closed padlock icon appears, and HomeStreet's name is shown to the right of the URL along with the security provider issuing the certificate (VeriSign). More than 75% of browsers being used today are high-security browsers that can show the green bar. Supported browsers include Internet Explorer 7.0, Firefox 3.6, and Safari 4.0 or later.
Here is an example of what you should see with high-security browsers when you are on a www.homestreet.com Web page:
Online Banking Security
We address Online Banking security at three levels:
To learn more about best practices for protecting your privacy and preventing ID theft when online, check out our Secure Login FAQ.
Securely Transmitting Information
Communication between your browser and HomeStreet’s online banking servers uses Secure Sockets Layer (SSL) technology and the green bar Extended Validation described above. To ensure that our customers get the most out of this security technology, our Online Banking Web portal requires the use of a Web browser that supports 128-bit encryption. If your browser does not support 128-bit encryption, we recommend that you upgrade to one of the following high-security browsers: Internet Explorer 7.0, Firefox 3.6,or Safari 4.0 (we recommend the latest versions of any of these browsers).
Securely Storing Information
Your customer information database is housed on our secure servers and protected by firewall technology. Just as authenticated requests are the only things that can communicate with our Online Banking server, our Online Banking server is the only thing that can send requests to the customer database
Preventing Unauthorized Access
A security analyzer constantly monitors login attempts and recognizes failures that could indicate a possible unauthorized attempt to log into an account. When such trends are observed, steps are taken automatically to prevent that account from being used.
The Latest Federal Guidelines Governing How Banks Confirm the Identity of Online Users
Consumers appreciate the convenience and speed of banking and bill paying over the Internet, but many are concerned about the safety of their money and personal information based on news coverage of criminals making unauthorized transfers from accounts. That's why the FDIC and other federal financial regulators updated the guidelines on how banks should verify that someone logging on to a bank's website is the real owner of a particular account. The new guidelines became effective Jan. 1, 2012.
Under the earlier guidelines in place since 2005, banks were expected to require more than just a password to allow access to an Internet bank account; people logging in also needed to clear a second hurdle, such as correctly responding to a series of questions that only the account owner and the bank knew the answers to.
Under the 2012 guidelines, banks are also expected to have additional layers of stronger security — both before account access is granted and before money can be transferred out of that account.
"For example, your bank may check that the computer you are logging in from is located where you live and not in a foreign country, or it may put a hold on fund transfers that don't match your payment history until the bank can verify the legitimacy of that transaction," explained Jeff Kopchik, an FDIC senior policy analyst who specializes in technology issues.
While most of these new security measures will operate behind the scenes, your bank may contact you about the new controls and any changes in online banking procedures. For that reason, there is a concern that criminals may attempt to repeat scams that surfaced when the 2005 guidelines were issued. Back then, criminals pretending to be bankers sent e-mails asking consumers to "enroll" in a new security program. The fraudulent e-mails asked consumers to provide certain sensitive personal information (such as a password) or to click on a link that appeared to be legitimate but actually installed malicious software — often called malware — that allowed the crooks to spy on the individual's computer.
Any new security procedures that HomeStreet Bank implements in response to the new guidelines will not require you to take any action via email, so be wary of any e-mail that appears to be from HomeStreet or any other bank that asks you to provide information such as your password or that asks you to click on an embedded link.
If you receive such an e-mail and have any concern about its authenticity, contact your bank directly.
Also on Jan. 1, 2012, federal examiners began reviewing banks' assessments of their online banking risks as well as the new security measures they put in place.
ID Theft Protection
What is ID Theft?
Identity thieves access personal information through credit card and bank statements stolen from mailboxes, e-mail solicitations such as phishing and by other means. Learn how to safeguard yourself and your computer from identity theft.
Do not respond to unsolicited requests for your personal information or be intimidated by threats of dire consequences. You have the right to determine that the source is legitimate.
Test your knowledge! Take this online quiz to spot the difference between real and fake websites.
Make sure after typing an address into your browser that you land on a secure site. One way to check is by looking at the website URL. Make sure it begins with "https" or that the icon lock is displayed as this confirms the site is using a secure socket layer (SSL) certificate to protect your information.
ID Theft Prevention
Information about Identity Theft
What can you do to reduce your risk of identity theft?
- Never provide personal financial information in response to an unsolicited Internet or telephone request. A financial institution will never ask you to verify your account information online.
- Do not be intimidated by an e-mail or a caller who threatens actions based on failure to respond to their request. Thieves will often use the threat of dire consequences if you do not immediately provide or verify financial information. You have the right to ascertain that the source of the request is legitimate.
- If you believe a contact may be legitimate, call the institution directly, or go to the company's web site by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the email. Always be the one to initiate the contact.
- Review account statements regularly to ensure that all charges are correct. If your account statement is late to arrive, call your financial institution to find out why. If your financial institution offers electronic account access (such as HomeStreet's Online Banking), use this service periodically to review activity online.
- Identity theft can occur any time, not just immediately after your personal information has been fraudulently obtained. Be vigilant and monitor your account activity and credit history regularly.
Other prevention tips:
- Never leave your wallet, purse, checkbook or credit receipts in your car. Car prowl is a prime source for identity theft.
Have your mail delivered to a secure location. Don't place bills with signed checks in unsecured mail boxes.
Be careful when using a debit card to shop online. Once funds are stolen from your account, it can be difficult to recover them. Consider using one credit card only for your online purchases. Use a secure browser when sending credit card numbers over the Internet. Review your bill carefully as soon as you receive it. Contest unauthorized charges.
- Keep a list of all your credit/debit cards, card numbers and issuer phone numbers. This will facilitate your reports to creditors/banks if your purse or wallet is stolen.
Memorize the personal identification number (PIN) for your ATM or debit card. Never store the PIN in your purse or wallet.
Shred your financial garbage, including credit receipts, pre-approved credit offers and credit checks. Cross-cut shredders are most effective.
Never carry anything with your Social Security Number on it. If your health insurance card shows your SSN, ask your insurer for a new card without the SSN. Until you get your new insurance card, carry it only when you need to use it.
Prevent credit reporting agencies from selling your name, SSN, address and credit rating. Merchants who want to offer you credit cards or sell you merchandise buy your financial information. This is a source for personal information that can ultimately be published on the Internet. Consider the "Opt out" option of all credit reporting agencies.
Tips for Victims:
If you are a victim of fraud and suspect your personal information has been compromised, you should take the following steps:
- Call your bank and credit card issuers immediately so they can take necessary steps to protect your account.
- File a police report and call the fraud unit of the three credit-reporting companies: Experian, TransUnion, and Equifax.
- Consider placing a victim statement in your credit report and a fraud alert on your account.
- Keep a log of all the contacts you make with authorities regarding the matter. Write down names, titles, and phone numbers in case you need to re-contact them or refer to them in future correspondence.
- Contact the FTC’s ID Theft Consumer Response Center at 1-877-ID THEFT (1-877-438-4338).
Information Security: How does Phishing Work?
Before you open an attachment or a link in an e-mail from an address that you do not recognize, stop for a moment and look at it with a skeptical eye. Security breaches usually start with a phishing email aimed at installing malware on computers or nabbing user ID and passwords. Here are some best practices that we should all know:
- Look for unprofessional spelling and` grammar errors.
- Treat any e-mail you don't expect to receive with suspicion.
- Check for odd-seeming phrases or out-of-the-ordinary topics of e-mail messages based on your knowledge of the sender.
- Hover your cursor over links to see if you recognize the email source of the address. If you don't it could be phishing.
Don't let a phishing scam catch you! If you suspect a message is a phishing scam, forward it to Corporate Information Security for further investigation.
Information Security: Protect Your Password!
What's your login password? TRICK QUESTION! No one should ever ask you for your password. Not in person, over the phone, or in an email.
Your password is like your signature, providing access to all your account information.
Best practices: Change your password frequently, never share your password, and use unique passwords on all your financial sites.
If you need more information, please feel free to contact Corporate Information Security.
Strong Passwords Protect Your Privacy
Your sign-on password may be easier to hack than you think. According to Corporate Executive Board IT Leadership Exchange, more than 99% of passwords can be found within the top 10,000 most commonly used passwords.
Using the same password for multiple websites increases your chances of losing or compromising sensitive information. Instead, vary passwords between online accounts, just as you use different keys for your car, home and work file drawer. Make your information more secure by creating a password that is complex to everyone else, but easy for you to remember.
What is the right password?
Creating a strong computer password is both an art and a science. If you create a password that has too many similarities to your name, address or your pet's name, you run the risk of losing valuable information. Create a password that has too many different variables or is challenging, and you may not remember how to access your account.
Suggestion for creating a strong password:
Follow these steps to create a strong password and help protect your privacy
- Start with a phrase that's important to you - a line from a special song, a memorable event, an inspiring quote or a phase such as “It Was A Dark And Stormy Night,” and then take the first letter of each word (iwadasn).
- Randomly replace letters to generate a password with upper-case letters, lower-case letters and special characters. Here's what that could look like: 1W@dA$n.
Remember your personal system, and then alter it slightly for different websites - such as by adding a relevant tag at the beginning or end. Create new password systems for critical accounts, such as online banking: BANK1W@dA$n.