Fraud Prevention Guide

Criminals are impersonating our fraud team. Fraudsters are calling our customers, asking for personal information and passcodes in order to access their accounts. We will never ask for your online banking passcodes, one-time passcodes, telephone banking PINs, or ask you to delete the mobile app. Keep safe and learn more about how you can protect yourself.

Keeping your finances and personal data safe

Although HSBC has market-leading fraud detection systems, we still need you to be aware of the different ways criminals may try to steal your money. We'll talk you through some of the most common scams, and give you tips on how to keep your money safe.

Think you've been targeted?

What's social engineering?

Social engineering is used to make someone do what you want. Key to this is taking advantage of trust - making someone trust you and getting private information from them.

Scammers contact targets, usually on the phone (vishing), text or email (phishing). They pretend to be people you can trust, such as bank staff, phone or utility workers, or even the police. Once you trust them, they'll ask for sensitive information or items to get into your bank accounts. Some examples are:

Your 4-digit PIN
Credit or debit cards, chequebooks or cash
Online banking codes or passwords
Transfer of funds to a different account for 'safekeeping'
One-time passcodes. These codes should never be shared. We'll never ask you for this
Deleting your mobile banking app. Fraudsters may ask you to do this. We'll never ask you to delete the mobile app

Common social engineering scams

Vishing is where you get an unexpected call from someone claiming you've been the victim of fraud, or it's about to happen. They may already have some information about you and say they're from the bank, the police or another trusted company. The fraudster then persuades you to:

Transfer money to another account for 'safekeeping' or 'holding'
Withdraw cash and hand it over 'for investigation'
Share private information, which can be used to gain access to your finances

In many cases, these cold callers suggest you hang up the phone and call them back on another number. However, it's easy for them to keep the connection open, so all the information you think you're giving to your bank is actually going to them.

Remember:

Be wary of unexpected phone calls, especially if you're asked to provide any personal information
If you're suspicious or feel vulnerable, don't be afraid to end the call and refuse requests for information
Fraudsters can falsify the telephone number shown on your caller ID to look like a genuine bank number
HSBC will never call you to ask you to generate a Secure Key code, or ask for your PIN number
Never share your security details with anyone else

Criminals may already have some basic information about you, such as name, address, account details. Don't assume a caller is genuine because they have these details, or because they claim to represent a legitimate organisation.

Be wary of unexpected emails appearing to be from your bank with links urging you to provide confidential, personal or financial information.

Emails are often well designed and appear to come from a legitimate site. They could warn that your account may be shut down unless you take action.

Don't reply or click on a link if you're not sure the email is genuine. Instead, contact the company using an authenticated telephone number.

Phishing emails typically:

Warn of sudden changes in an account which require you to verify that you still use the service
Use poor spelling and grammar
Request confidential or security information such as your online banking details, passwords, account numbers or PINs
Include instructions to reply or complete a form attached to the email, or click through to a website to verify your account - don't open attachments or click on links if you suspect they're not be real

If you receive a suspicious-looking email claiming to be from HSBC, forward it to phishing@hsbc.com, delete it and empty your deleted items.

Be wary of suspicious text messages that look like they're from your bank. They may try to trick you into giving over your personal and financial information, often by calling a number or clicking a link.

Remember:

HSBC will never ask you for your full PIN or password
HSBC will never text you a link that takes you directly to our log on page
Criminals can falsify the telephone number to appear as 'HSBC', so it looks like a genuine bank text
Never share your security details with anyone else
If you're unsure about a text message from HSBC, call us on a known number (eg from the back of your card) to check before acting on it

If you suspect a text is smishing, forward it to phishing@hsbc.com.

Discover more common scams

Stop, challenge, protect

If you're contacted out of the blue by phone, email or text and something doesn't seem right:

Stop - taking a moment to stop and think before parting with your money or information could keep you safe
Challenge - could it be fake? It's ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you
Protect - check with someone you trust, such as a friend or family member and contact the company directly

Think you've been targeted?

If you think you've been targeted by a fraudster, let our security services team know straight away.

Call us on:

03456 002 290

From outside the Channel Islands or Isle of Man call us on:

+44 1470 697139

Lines open 08:00-20:00

If you receive a suspicious-looking email, forward it to phishing@hsbc.com, delete it and empty your deleted items.

Keeping your finances and personal data safe

What's social engineering?

Common social engineering scams

Vishing

Phishing

Smishing (SMS phishing)

Stop, challenge, protect

Think you've been targeted?

You might also be interested in

Fighting crypto scams

Report a problem

Secure Key Secure Key This link will open in a new window

Disclaimer

Customer support

Secure Key This link will open in a new window