Top of main content

Helping you stay safe online

HSBC aims to ensure your money is always kept safe from fraud, and we want you to be aware of the different ways fraudsters may try to steal your money.

How do fraudsters operate?

Fraudsters exploit human nature - behaviours that come naturally to us. Key to this is the manipulation of trust - gaining a target's trust and getting them to disclose information that should be kept secure.

Common fraud methods


Phishing involves fraudsters sending an unsolicited e-mail that appears to be from your bank or an online retailer requesting you to update your personal and financial information such as date of birth, online login information, account details, credit card numbers, PINs etc.

The e-mail may contain a link that takes you to a website that looks identical (or very similar) to the organisation's genuine site. Fraudsters can then capture personal data like passwords as you type it in or download malware onto your computer.

Smishing (SMS Phishing)

Smishing involves text messages sent by fraudsters that look like they have come from your bank to trick you into giving over your personal and financial information (by calling a number or clicking a link). Fraudsters also use 'text spoofing' to deliberately falsify the telephone number to appear as 'HSBC' to seem like a genuine bank sms.


Fraudsters call out of the blue claiming that a fraud has already happened, or may be imminent. They may already have some information about you, and may pose as bank staff, the police and other officials or companies in a position of trust. The fraudster will then try to persuade you to:

  • transfer money to another account for 'safekeeping' or 'holding'
  • withdraw cash and hand it over 'for investigation' 
  • divulge private information, which can then be used to gain access to your finances

Be vigilant - warning signs to look out for

  • be wary of unsolicited approaches by phone, especially if you are asked to provide personal information
  • beware of unsolicited e-mails or SMS messages asking you to update or verify your personal details, Personal Internet Banking login or security details such as Secure Key passwords/values or Credit Card Debit Card PINs. HSBC will never request this type of information
  • beware of instructions to reply, complete a form or document attached to the email or click, through to a website in order to verify your account
  • links within emails or SMS from HSBC will never take you directly to our login page and will always take you to information pages

How to protect yourself

  • don't open attachments or click on links if you suspect they may not be genuine
  • never share your security details such as PIN or passwords with anyone
  • install anti-virus software and keep it up-to-date to protect you against viruses such a malware, trojans, spyware and adware
  • keep your browser up-to-date as modern browser software adds protection against fake websites
  • keep your software up-to-date as it's harder for viruses to infect updated software

If you are in doubt about the legitimacy of the e-mail/SMS, or if you think that you have been a victim of a phishing/smishing/vishing scam, please contact