We want you to be aware of the different ways criminals may try to steal your money
HSBC fraud guide
Bogus Calls - what can you do
You may receive calls from callers claiming to be from a well-known financial institution asking for sensitive personal information (eg internet banking user ID, ATM/ phone banking/ internet banking password) or selling credit products or services over the phone. The caller may also claim to be from HSBC or other financial institutions inviting applications for personal loan/tax loan/credit card.
You should know that HSBC has not authorised or appointed any intermediaries to conduct telesales marketing activities for promotion of unsecured personal loans such as personal loans, tax loans and credit cards.
Look for these signs to help you identify if a call is fraudulent:
A pre-recorded message notifying you of irregularities with your bank or card account
Pay attention when the caller:
refuses to provide, or provides a fake department name
is unwilling to provide a call back number
voice quality is relatively bad as if it is a long distance call
tries to build trust by providing account information proactively, e.g. by claiming irregularities with your bank or credit card account
focuses on products such as credit products or services with a low interest rate, such as personal loan, add on mortgage, re-mortgage
tries to close the sale as quick as possible
is impatient to discuss the product or service in detail
expresses annoyance or loses temper if you ask questions about the product or service
terminates the call by hanging up without any signal
What you can do:
Be calm and seek assistance immediately
Review and try to recall the personal information disclosed, including personal password or user ID
If you have shared your password, you should change it immediately
If you have disclosed your personal details to the suspicious caller, please contact and report the call to HSBC and the Police for investigation immediately
When you make a report, you should provide the caller's phone number, the personal information you've shared
Review your bank and credit card statements and advices for the following two to three months and report any irregularities to HSBC immediately
Change your password periodically to protect your personal information
Regulators and financial institutions frequently share warnings about the latest information in fraud. You should read and follow the advice shared in these warnings.
Keep your finances and personal data safe
Much has been made in the news media recently about the hazards of online hacking and data breaches, but what is seldom reported is how much simpler it is to "hack" people than computers. This process is called social engineering, and is far easier to do than one might think.
How social engineering works
Social engineering exploits aspects of human nature - behaviours that come naturally to us. Key to social engineering is the manipulation of trust - gaining a target's trust and thereby getting them to disclose information that should be kept secure.
Scammers contact their targets, usually via telephone (vishing), text or email (phishing), purporting to be individuals in positions of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained their target's trust, they then request sensitive information or items which allow them access to their target's bank accounts - things your bank would never request themselves, such as:
Your 4-digit Personal Identification Number (PIN)
Credit or debit cards, chequebooks or cash
Online banking codes or passwords
Transfer of funds to a different account for "safekeeping"
Common social engineering scams:
These HSBC Safeguard videos show how HSBC is dealing with Financial crime and how your support will go a long way to help us make banking safer.
Fraudsters call out of the blue claiming that a fraud has already happened, or may be imminent. They may already have some information about you, and may pose as bank staff, the police and other officials or companies in a position of trust.
The fraudster will then try to persuade you to:
Transfer money to another account for "safekeeping" or "holding"
Withdraw cash and hand it over "for investigation"
Divulge private information, which can then be used to gain access to your finances
In many cases, these cold callers will suggest you hang up the phone and call them back on another number. However, it is easy for them to keep the connection open and intercept the call, so all the information you think you're giving to your bank is actually going to them.
It's important to remember:
Be wary of unsolicited approaches by phone, especially if you are asked to provide any personal information
If you are suspicious or feel vulnerable, don't be afraid to end the call and refuse requests for information
Fraudsters can use "call spoofing" to deliberately falsify the telephone number relayed on your caller ID to show as a genuine bank number
HSBC will never call you to ask you to generate a Secure Key code or ask for your PIN number
Never share your security details with anyone else
Criminals may already have some basic information about you (name, address, account details); don't assume a caller is genuine because they have these details or because they claim to represent a legitimate organisation.
Be wary of unsolicited emails that appear to be from your bank and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate site and often warn that your account may be shut down unless you take some action. These emails are designed to steal your personal information and use it to access your accounts.
Do not reply to or, click on a link from any email that you are not sure is genuine. Instead contact the company, using an authenticated telephone number.
Phishing emails typically:
Warn you of some sudden change in an account which requires you to verify that you still use the service
Use poor spelling and grammar
Request confidential or security information such as your internet banking details, passwords, account numbers or PINs
Include instructions to reply, complete a form or document attached to the email or click through to a website in order to verify your account.
Don't open attachments or click on links if you suspect they may not be genuine.
If you receive a suspicious-looking email purporting to be from HSBC, forward it to firstname.lastname@example.org, delete it and empty your deleted items.
Smishing (SMS Phishing)
Be wary of suspicious text messages sent by fraudsters that look like they have come from your bank to trick you into giving over your personal and financial information (by calling a number or clicking a link).
It's important to remember:
HSBC will never ask you for your full PIN or password
HSBC will never text you a link that takes you directly to our login page
Fraudsters can use 'text spoofing' to deliberately falsify the telephone number to appear as 'HSBC' to seem like a genuine bank text
Never share your security details with anyone else
If you have suspicions regarding a text message from HSBC, call us on a known number (e.g. number on the back of your card) to check before acting on it.
Some fraudsters will claim to be from your bank or Credit Card company and arrange for a courier to collect your card. They may also ask you to write down your PIN and hand it over as well. To add credibility the fraudster may even advise you to cut the card in half.
Please note that:
HSBC will never ask for your card and/or PIN to be returned via courier
You should never divulge your PIN to anyone, even someone claiming to work for the bank
HSBC's fraud detection teams will only ever ask for partial information; for example, they will never ask for your mother's full maiden name or full date of birth
To ensure that our fraud detection team can get in touch if any suspicious activity seems to be taking place on your account, please provide HSBC with up to date contact details including a mobile telephone number.
Investment or "Boiler room" scams
Beware of cold calls offering too-good-to-be-true investment opportunities. Fraudsters are known to sell worthless, overpriced or even non-existent shares. These can take many forms, but there are some common factors you should look out for including:
Unrealistically high returns offered for "low risk" investments
Lack of independent evidence of the validity of the scheme
Pressure to make quick decisions
Instructions to keep the approach confidential
Approaches from someone whose only contact details consist of a mobile phone number
Unfortunately, if it sounds too good to be true, it usually is.
Pension liberation involves transferring pension funds from an existing scheme to a new one, to allow early access to benefits before the legal age of 65. Fraudsters typically target people under financial pressure and will sometimes claim that they can unlock some or all of their pension fund for a fee, which can be very high and may result in serious tax consequences. Be alert to offers like this and if in doubt seek advice from registered pension providers.