ONLINE SECURITY IS
VERY IMPORTANT TO US!
To ensure that your online experience is secure, we use a process called multilayer authentication as part of the log on procedure for Home Financial Services (HFS). This process involves several layers of security. To access the secure area, we require that you enter your account number, answer a security question if you have not registered your computer, verify your security image and personal phrase, and finally input your password. If you use our Bill Pay product, a security phrase that you have chosen will flash on the screen.
As a precaution, your security information is stored in an encrypted format that even we cannot decode. When you are logged in, we use:

• Secure Sockets Layer (SSL) protocol to ensure that your connection and any information transmitted is protected.
• 128-bit encryption to make your information unreadable as it passes over the Internet.
• Automatic time-out that occurs if you are inactive in the secure area of our site for more than 10 minutes.

If your browser doesn't support SSL or 128-bit encryption, you should upgrade your browser.
While we continue to evaluate and implement the latest improvements in Internet security technology, members who are using the system also have responsibility for the security of their information and should always follow the recommendations listed below:

• Utilize the latest browser version of either Firefox or Microsoft Internet Explorer. Our online HFS system is best viewed and is most secure when you use one of these browsers, as they are certified for use at our site.
• Your password must be kept confidential. For maximum security, use the full available length of your alpha-numeric password (it is best to always use at least 8 digits) and change it frequently to ensure that the information cannot be guessed or used by others.
• Be sure others are not watching you enter information on the keyboard when using the system.
• Never leave your computer unattended while logged on to the system. Others may approach your computer and gain access to your account information if you walk away.
• Exit the system (log out) when you are finished to properly end your session. Once a session has ended, no further transactions can be processed until you log on to the system again.
• Close your browser when you are finished, so that others cannot view any account information displayed on your computer.
• Keep your computer free of viruses. Use virus protection software to routinely check for a virus on your computer. Never allow a virus to remain on your computer while accessing the system.
• We recommend our business members conduct their own risk assessment regarding the controls they have in place to mitigate fraud or losses.

By following these simple recommendations, you can make your online financial activities more secure. We look forward to serving your needs both today and into the future-securely!

PHISHING, SMISHING AND VISHING
What is phishing?
Phishing is a popular scam where someone tricks a user into providing his username and password or other personal information to commit identity theft via e-mail. The most common requested information is a Social Security number, bank account number, PIN number, credit card number, or mother's maiden name.

In many cases, phishers create an official-looking web page that asks for this information. Users will often receive a link to this phishing page via an e-mail from an official-looking---but likely forged---address. Given the nature of the web, it's easy to stumble upon these fraudulent websites by following links that you find in your e-mail, on the web, or in IM messages.

Do not click on links provided in an e-mail unless you are expecting one or have checked with the person sending it by not using the reply feature, but emailing them directly.

What is smishing?
The name is derived from SMs phISHING. SMS (Short Message Service) is the technology used for text messages on cell phones. Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook"---the method used to actually "capture" your information---in the text message may be a web site URL. However, it has become more common to see a phone number that connects to an automated voice response system. The smishing message usually contains something that wants your "immediate attention." Some examples include:

• We're confirming you've signed up for our dating service. You will be charged $2 per day unless you cancel your order on this URL: www.xxxxx.com.
• (Name of popular online bank) is confirming that you have purchased a $1500 computer from (name of popular computer company). Visit www.xxxxx.com if you did not make this online purchase.
• (Name of a financial institution): Your account has been suspended. Call 000.000.0000 immediately to reactivate.

The "hook" will be a legitimate-looking web site that asks you to "confirm" (enter) your personal financial information, such as your credit or debit card number, CVV code (the three-digit number on the back of your credit card), your ATM card PIN, Social Security number, e-mail address, and other personal information. If the "hook" is a phone number, it normally directs to a legitimate-sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.

This is an example of a (complete) smishing message in current circulation:

Notice: This is an automated message from (a local credit union). Your ATM card has been suspended.
To reactivate, call 000-000-000. Urgent.

In many cases, the smishing message will show that it came from "5000" instead of displaying an actual phone number. This usually indicates the SMS message was sent via e-mail to the cell phone, and not sent from another cell phone.

What is vishing?
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing, but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice e-mail, VoIP (voice over IP), or landline or cellular telephone

REMEMBER: Do NOT give out any personal information over the phone or on the web unless you've initiated the call.