Here are some useful tips and suggestions to stay safe
Stay alert to suspicious messages, calls, and scams
Scammers might pretend to be from HSBC and ask for your personal information. They may call you, send a text message, send an email (also known as "phishing"), or create fraudulent websites to impersonate HSBC and our staff.
Do not share any personal information or bank account details as this can be used by scammers for illegal activities.
We'll never send you any links or contact you to ask for your account information. Contact us to verify the identity of who has tried to contact you when you're in doubt.
Here's a few tips to protect you from being scammed:
carefully check the transaction information in any messages you get for your credit card transactions.
contact us to change your password if you think your password has been compromised or is being used by scammers.
Kindly exercise due care prior providing your personal details , bank account information and effect payments to recruiters /job adverts.
Are you looking for jobs? While you’re doing that, stay vigilant for sugar-coated wordings such as “no experience required”, “amazing perks and short working hours” and “quick and easy money”.
Scammers may post job ads which require no experience as well as claiming that you could earn quick and easy money. The only thing that may be requested is your personal information, and sometimes even your bank account password and/or credit card credentials. After obtaining your information, these “employers” will immediately vanish into thin air!
To avoid falling into job scams, here are some tips you need to know:
Do background check on the company, don’t just rely on job descriptions.
Watch out if the company refuses to disclose any of its information, or only provides its social media or messaging account.
If you‘re asked to provide sensitive information from the start, that’s a huge red flag. Never give away information such as your online banking credentials, one-time-passwords (OTP), apply any loans on behalf of third parties or make fund transfer for commissions.
When applying for jobs, don't pay any fees upfront to the company or related parties.
Beware of Crypto Scams
Scammers are always finding new ways to steal your money and crypto scams are on the rise. Below are top tips to avoid being a victim of crypto scams.
• Never share your private keys with anyone.
• Only invest in projects you have thoroughly researched and understand.
• Be wary of unsolicited offers and don't engage with them.
• Watch out for phishing scams and verify the legitimacy of any message or email before responding.
• Watch out for any “too good to be true offer”, REMEMBER, only scammers will guarantee future “too good to be true offer” returns.
• Never mix online dating and investment advice. If you are offered advice through dating sites, which advises to invest in crypto, or asks you to send them crypto, that’s a scam.
4 May is World Password Day - Secure Your Passwords
Why is this unknown email asking me for a verification code for password reset when I haven’t even done anything? Seems suspicious.....
Whether it’s a verification code or a password, you should refrain from disclosing it to anyone to avoid hackers stealing your data! To protect your accounts, never click on any suspicious links or emails.
Here are some guidance to enhance password safety to keep hackers at bay!
• Set a strong password using a combination of upper and lower case letters, numbers and symbols.
• Avoid commonly used words
• Log in via safe channels using e.g. Biometric Authentication/ Mobile Security Key.
• Avoid using the same password for all platforms.
• Log out of websites and devices when you’ve finished using them
Never Fall Prey To “Investment Masters”
Scammers may disguise themselves as successful investors in chat groups on social media and instant messaging platforms. They may actively offer unsolicited investments pitches like “Insider Information” and “The Ways To Get Rich”.
You might be asked to pay an up-front deposit to secure the investment. What's more, they may recommend financial products which are not regulated or may advertise highly speculative virtual commodities e.g. cryptocurrencies or investment schemes. After earning your trust, they will entice you to get your formal agreement and even offer to make an investment on your behalf!
There is no such thing as a risk-free high return investment!
Do your own research to understand the risks of the product.
Cautiously re-consider the advice of intermediaries you are dealing with.
Speak to qualified financial adviser or regulatory authorities when in doubt.
Protect your heart and your pocket from Romance Scams
” You and I are one and the same: I'm so lucky to have found you. “
These sweet words may sound like music to anyone's ears, but they could also very well be rehearsed lines scammers used to convince you into revealing more about your personal life. Love scammers know exactly how to tug at your heartstrings. Don't let their sweet talk lure you into giving up your bank details or other personal data. To keep your heart and your bank account safe, be vigilant at all times and definitely don't send money to people you don't know much about.
Received messages claiming to be from HSBC? Look closely
Criminals are using spoofing tactics to entice you to open links that prompt you to reveal your personal information.
Your account credentials (e.g. online banking username and password, one-time passcode, and credit card credentials) and other sensitive personal information such as your National Identity Card number and date of birth are important and should be well protected. If fraudsters manage to steal such information, it may result in financial loss. Remember to keep your personal information safe!
HSBC will never send any SMS or email with a link requesting you to log on to online banking. If you receive message with such request and claiming to be from HSBC, ask yourself:
Is this message unexpected?
Does the message include suspicious hyperlinks or QR codes?
Is the message requesting for your personal information, like your account credentials, ATM PIN, etc.?
Are you being asked to do something unusual, e.g. log on to your account via a link, transfer money or provide one time passcode (OTPs)?
If your answer is "yes", then remember:
Do not open links or scan QR codes
Do not download any attachments
Do not reply or disclose sensitive information
Watch out for fake websites and social media accounts
Criminals use fake social media accounts and websites. They set them up to con people into giving away their personal details, passwords and bank details.
They may even make these look like it comes from us and might contain a link to a website. They could also ask you to make a phone call or contact them through different messaging applications and by email.
They are good at making these look realistic. But the fake ones often share some common characteristics:
Strange looking profile, too good to be true offers, email or web addresses
Poor design, typos or bad spelling
They ask you to do something unusual
A website site that requires you to log in but doesn't display the padlock symbol in the address bar when you do so
If in doubt or if you come across similar websites and social media account:
Don't click on any links.
Don't respond or call on the phone number provided therein.
Report the page through the social media provider.
Reporting Phishing and Smishing
To report phishing websites, smishing texts or suspicious emails which have requested personal banking information contact us via Phishing@hsbc.com. We'll send you an automatic response to let you know we've received your email but are unable to provide personalised responses to this mailbox.
Please ensure you copy the full email, smishing text or website address (URL) into the body of the email.
Please do not send any personal customer verification details within the email.
Kindly note emails will be processed by a third party on behalf of HSBC Global Services (UK) Limited and by HSBC Group companies.
If you believe you have shared your confidential information either online, by telephone or any other means call us immediately using the telephone number on the back of your card.
HSBC may send you emails from time to time but will never ask for your security information or encourage you to log on to Internet Banking. HSBC will never attach a link to a web page that would ask for this information. If you receive an unsolicited email from HSBC encouraging you to do this, it will be a "Phishing" email. See 'How Social Engineering works' (below) for more information.
How social engineering works
Social engineering works by gaining someone's trust and getting them to disclose information that should be kept secure.
Scammers usually contact people by phone (vishing), text (smishing) or email (phishing). They'll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained the person's trust, they'll then ask for sensitive information or things which will enable them access to the person's bank accounts.
There are things your bank would never ask for, such as:
your 6-digit PIN
online banking codes like your secure key or password
Your bank would also never ask to:
collect your credit or debit cards, cheque books or cash
transfer funds to a different account for 'safekeeping'
Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, address and even some account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'. The caller will then try to persuade you to:
transfer money to another account for 'safekeeping' or 'holding'
withdraw cash and hand it over 'for investigation'
give private information, which can then be used to gain access to your finances
Be wary of unsolicited emails that appear to be from your bank or another trusted organisation (government tax institution) and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate source and often warn your account may be shut down unless you take some action or they may say you're owed money.
If you receive one of these emails, don't reply or click on a link that you're not sure is genuine. Instead, contact the company using a phone number you know is genuine.
Phishing emails typically:
warn you of some sudden change in an account which means you have to confirm you still use the service
sometimes have poor spelling and grammar
ask for confidential or security information such as your online banking details, passwords, account numbers or PINs
include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account
Don't open attachments or click on links if you suspect they may not be genuine.
If you're suspicious of an email claiming to be from HSBC, forward it to email@example.com, delete it and empty your deleted items.
Smishing (SMS phishing)
Another thing to watch out for is suspicious text messages that look like they have come from HSBC or another trusted organisation. These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).
It's important to remember the following:
Banks and other organisations such as the police or service providers will never ask you for your full PIN, password or banking codes.
Fraudsters can mimic text headers so that their messages can join a conversation beneath ones you know are genuine.
If you're unsure whether a text claiming to be from HSBC is genuine, forward it on to firstname.lastname@example.org and we'll investigate it.
Never share your security details with anyone else.
Shop online safely
Don't be in a rush to order online, since there are so many untrustworthy website and personal sellers out there! If you want to protect your money, here a few reminders to safeguard your confidential information:
Watch out for third-party apps that can't be verified .Verify if the websites or individual sellers are legitimate merchants, especially those on social media.
Browse on a computer instead of a mobile phone – you're less likely to accidentally click on a link, and computers are not as vulnerable to data theft.
Type in a URL instead of clicking on a link.
Check that a website's URL begins with https://, which means any data sent will be secure, then double-check for the encrypted padlock on the payment page.
Steer clear of pop-ups or turn them off.
Take time to read privacy notices, terms and conditions, especially for sellers who will save your personal and credit card information to keep your data safe.
Check your statements regularly to make sure no unauthorised transactions are being made.
Be careful about potential privacy leakage. When making online transactions, don't leave traces for hackers to track you. Take note of below points and prevent your personal data from being leaked:
• Manage App's Permission Always download from an official and trustworthy source, but more importantly, be careful of the level of access you grant to the app, such as contacts, photo album and personal information.
• Install Antivirus and Anti-theft software Install an antivirus software with a good reputation so as to block suspicious websites and malicious programmes. Scan your files for virus detection
• Make sure you keep it up to date from time to time Always have the latest security protection- update your smartphone's operating system and security patches regularly via official channels.
Change your PINS and passwords immediately if you think your personal data has been compromised.
Stay vigilant for charity scams exploiting war in Ukraine
Be cautious on social media posts - Be sceptical of social media posts that promote a charity unless you verify that the organization is legitimate. The friend recommending it may not have done their research and the number of likes for a social media post doesn't say much about its legitimacy.
Research on the beneficiary – Use caution to check the charities/beneficiary carefully before giving. Only donate to authentic charities that are vetted and recognized by international organizations. Be wary of messages even from trusted sources unless you verify that the message is authentic. To do this, contact said source by other means than the one by which you received it, e.g., by phone on websites if you got it by email, etc.
Do not send cash or money wire - Avoid donating cash or through wire. Never click on an ad or social media post if you want to donate. Instead, after establishing the charity is authentic, donate directly through its website.
Beware of requests for personal information – Do not reply to any email/message from what appears to be a valid charity or relief organization, that requests for you to provide personal information or banking information of any kind.
Beware of links and attachments - Avoid clicking on links or downloading attachments in unsolicited emails or social media messages, particularly from unknown sources and those that add to the sense of alarm. They may attempt to lure you into unwittingly downloading malware onto your device.
Don't give in to undue pressure – Scammers will attempt to use the urgency of the situation to rush you into donating. Be leery of high-pressure pitches and requests to wire money.