On this page
Avoiding fraud
If someone contacts you out of the blue by phone, email or text message:
Stop – taking a moment to stop and think before parting with your money or information could keep you safe.
Challenge – could it be fake? It's OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
Protect – we're here to protect you. If you believe that you are a victim of a fraud attempt please call us on 2148 3809.
Be aware of common scams
Phishing
These are email scams where a fraudster will send you an email pretending to be a legitimate organisation such as a bank. The email will ask you to update or verify your personal or financial information. Sometimes you'll be sent to log on to a website that looks legitimate, but is fake. The objective is to encourage you to provide your secure information so the fraudster can hack into your accounts.
Vishing
This kind of fraud is a social-engineering scam. It's the telephone equivalent of phishing, where a fraudster will phone you and try to trick you into giving your private information. Be wary of anyone who calls you asking you to disclose information. If we call you, we will ask you some simple security questions about your personal and financial details to make sure we're talking to the right person. However, we'll never ask you for information that could be used to access your account such as your PIN, CVV number from your card or HSBC Secure Key. If in doubt, always end the call and ring us back. Anyone legitimately calling from HSBC will not be upset if you say you prefer to phone us directly.
Smishing
This is the text message equivalent of phishing or vishing. Like them, it's an attempt to trick you into handing over your personal information.
How to spot fake emails and websites
Fraudsters use fake emails and websites to get you to unknowingly give away your passwords or bank details. Look out for these warning signs to spot them:
- poor design, typos or bad grammar
- the sender's email address doesn't match the name of the company domain it's meant to be coming from
- asking you to do something unusual
- asking for personal information
- an email link that says it's going somewhere that it isn't (tip: hover over a link in an email to see its real destination)
- a website that doesn't display the padlock symbol in their address bar when you log in
To report phishing websites or suspicious emails, contact us via phishing@hsbc.com. We'll send you an automatic response to let you know we've received your email but are unable to provide personalised responses to this mailbox.
Keep your software up-to-date
It's harder for viruses to infect updated software. The criminals who create viruses take advantage of software bugs to infect computers. Software companies fix bugs with free, downloadable updates. So it's a good idea to install updates for your software as soon as they become available.
Just be wary of fake emails about bogus updates. Only use the update software that comes with your computer – don't click on links in emails.
You'll also want to make sure you're always using the most up-to-date web browser. Modern browser software adds a layer of protection against fake websites. So when you're looking at websites, your browser can warn you if you're visiting a fake or suspicious website.
Check your privacy settings
If you use social-networking websites, double-check your privacy settings to make sure you only share personal information with people you trust.
On these sites, you tend to share personal things about yourself. Anything from your mother's maiden name to the name of the first school you went to, your address, birthday and telephone number can be found on social media. And all this information is useful to people who want to steal your identity or break into your accounts.
Tips to stay safe
- don't download any free software on your computer unless you're certain it's safe
- use anti-virus software, and make sure it's up to date
- change your passwords regularly
- don't respond to unsolicited emails requesting information, and don't follow any links in them either
- make sure you're on a secure website before submitting banking or other sensitive information. Secure websites begin with 'https://' instead of 'http://'. They'll also contain a padlock icon on the address bar
You might be interested in
HSBC Safeguard
Learn more about our initiative to safeguard your hard-earned money from financial crime.
Secure online payments
Stay safe when you do your banking online with the HSBC Secure Key.
Unrecognised transaction?
If you suspect there's been fraud on your account, find out your next steps.