Fraud prevention guide
We all think fraud is something that happens to other people, until it happens to us.
HSBC is committed to protecting customers against fraud – but there are lots of ways you can help to protect yourself too. Discover more about the different types of fraud and how to spot them below.
Remember, there are things your bank would never ask for, such as:
- your 4-digit PIN
- online banking details (including any codes generated from your Secure key or passwords)
- your credit or debit cards, cheque books or cash
- the transfer of funds to a different account for 'safekeeping’
Here’s what to do if you’re contacted unexpectedly by phone, email or text message:
- Stop and think – if it’s unexpected, be suspicious
- Don’t call numbers in messages or emails without checking they’re genuine
- Don’t click on unfamiliar links - go to the official website or app
- If in doubt, check with an advisor, friend or family member before taking action
What’s the difference between fraud and a scam?
Fraud is a transaction, or suspicious activity on your account which you had no knowledge of, and didn’t authorise. A third party has performed an action on your account without you being aware.
A scam is where a criminal convinces you to reveal personal information, or tell them your banking security details. They’ll then attempt to convince you to knowingly authorise a payment from your account to a person, company, or for goods you believe to be genuine.
How do scams or fraudulent activity happen?
Scammers usually contact people by email, text or phone. They often claim to be a person you would trust, and try to get you to disclose personal details. They may say that they’re from a bank, utility provider, tax office or even the police.
Fraudsters can also communicate with you online. They may pretend to be your friend(s) or a member of your family, by hacking or spoofing their social media profiles and tricking you into sending them money.
They can sound genuine, as they may have gathered information about you online.
You can safeguard your personal details online, by checking your privacy settings and controlling what information you share.
To help keep your information secure:
- make sure your social media profiles are private
- destroy bank statements and similar documents safely
- always think carefully before sharing data with others
- stop and think before accepting a call, or responding to an SMS or email
How to report a scam or fraudulent activity?
Please contact your Relationship Manager to discuss any fraud concerns at the earliest available opportunity.
Common methods fraudsters may use to contact you
Here are some common methods fraudsters will use to contact you:
Phone (vishing)
A common scam is when a criminal contacts you out of the blue, claiming to be from your bank, the police, or another trusted organisation, like your broadband provider.
They can make the call seem authentic by using ‘number spoofing’. This is where they make their phone number look like a number you know and trust.
They may also have gathered some information about you, such as your address and account details.
SMS (smishing)
Scammers often send fake text messages that look like they’ve come from your bank, or another trusted organisation. Their goal is to get you to reply with your personal or financial information.
Typically, they’ll:
- encourage you to take urgent action by clicking on a link, or making a call
- ask you to verify new payees, transactions or devices
- try to look genuine by copying text messages sent by an organisation and adding their own wording
- often be sent from unknown mobile numbers
If you've received an SMS, you believe is suspicious:
- don’t click on any links
- don’t download any attachments
- don’t reply
- delete the text message
- contact the organisation using a phone number you know is genuine, or visit their website
If you've received an SMS from HSBC and you’re suspicious:
- you can check examples of genuine and fake texts on received a text?
- screenshot the text message and send the image to phishing@hsbc.com. We’ll send you an automatic response to let you know we’ve received your email
- delete the text message
It's important to remember:
- banks and other organisations, such as the police, will never ask you for your full PIN, password, or banking codes
- we’ll never text you a link that takes you directly to our online banking log on page
If you do click on a link, fraudsters may continue to contact you.
Email (phishing)
Phishing emails are unexpected messages that appear to come from a trusted organisation, such as your bank, HMRC, or a retailer you've purchased from.
Typically, they’ll:
- encourage you to click on a website link
- urge you to take urgent action and threaten to close your account if you don’t respond
- say that you’re owed money
- ask you to give confidential or security information (such as your online banking details, passwords, account numbers or PINs)
- include instructions to reply, or verify your account – like completing a form attached to the email
- sometimes have poor spelling and grammar
If you receive an email you believe is suspicious:
- don’t click on any links
- don’t open any attachments
- don’t reply
- contact the organisation using a phone number you know is genuine, or visit their website
If you've received an email from HSBC and you’re suspicious:
- forward it to us at phishing@hsbc.com, we’ll send an automatic response to let you know we’ve received your email
- delete the scam email and empty the recycle bin on your device
Authorised Push Payment (APP) scams
Authorised Push Payment (APP) scams happen when you’re persuaded to send money by a criminal. Here are some typical APP scams and warning signs to beware of:
False sense of panic
Criminals often try to persuade you to take action in a hurry, making you panic before you have time to think it through properly.
Safe accounts
You may be tricked into sending money to a ‘safe account’. For example, criminals may claim your account has been compromised and tell you to move your money to a new account that's been opened for you.
Property purchase
This is where you receive a fake email or invoice changing the payment details for a property purchase.
Goods and services
This scam aims to persuade the victim to pay for goods or services that don’t exist. Find out more about purchase scams.
Investment scams
Criminals offer bogus investment opportunities that promise very high returns. Sometimes the scam can offer a high return over a short period or it might be over a longer term with some initial returns made on the investment. Read more about investment scams and cloned companies.
Impersonation scams
Victims send money to fraudsters impersonating a trusted organisation, a person they think they know or even a friend or family member. This includes refund scams where you're told you're getting money back that you weren’t expecting. Find out more about other types of impersonation scams such as payment diversion and romance scams.
Asking you to lie
If you're asked to lie to your banks about the reason for your payment, or cash withdrawal, that's a tell-tale sign of a scam.
Purchase scams happen when you’re paying for an item, or service. The item doesn't arrive, or the service doesn't happen and your money is lost.
Typically, these scams:
- ask you to send money via bank transfer rather than using normal ways to pay
- seem too good to be true (because they probably are)
- have 'limited availability', or are a 'special offer' to encourage you to act quickly
- are typically advertised on social media or other online marketplaces, or in some cases through legitimate looking websites that have actually been setup by fraudsters
- persuade you to send money before receiving goods
Remember to:
- use safe sites when shopping online
- use safe ways to pay, such as your debit or credit card
- check the returns and cancellations policy
- research the retailer online to make sure they’re legitimate
- stop and think - would you be willing to send cash in the post for an item you've ordered?
- research and check the validity of the item before agreeing to pay via other means
- If possible, ask to see the item before proceeding
- approach an independent professional to authenticate the goods or services you are purchasing
Criminals may contact you to offer investment opportunities which may seem too good to be true - offering guaranteed, or very high, returns.
They often cold call you, use false testimonials, fake celebrity endorsements, spoof websites and fake or cloned companies with similar names, or cloned names, to genuine investment organisations.
They can usually provide convincing marketing materials to make the scams appear genuine, or use current news and other media outlets to make the opportunity seem realistic
Remember to:
- conduct your research – if you’re entering into a cryptocurrency investment, make sure you understand the offer and how the investment works
- contact the company on an independently verified number or email address and confirm that the person you’re dealing with is a legitimate representative of their firm
- seek advice from a financial advisor
Pension scams
Criminals claim they can unlock pension funds by moving them from an existing scheme to a new one, allowing early access to benefits before the legal age.
Victims of these scams are usually asked to pay a very high fee and may also face serious tax consequences. Be wary of scams like this and, if in doubt, seek advice from registered pension providers.
Payment diversion Scams
Criminals can hack and monitor your emails, and when payments are due, they’ll send their own email that looks and feels like a genuine message from a company, or firm.
They tell you that the bank details for your payment have changed and give you the new details to send your payments to. This could be a house deposit to your solicitor, or a payment to a contractor for home improvements.
Remember to:
- check with the company you’re making a payment to, on a genuine phone number, before making a payment with new bank details
- check for poor spelling and grammar within the email – sometimes there can be errors which can be a strong indicator of a scam
- check the email address is correct
This type of fraud begins with a fast-moving, online relationship. Usually, a fake picture and profile are used.
To avoid meeting up in person, the fraudster may claim to be working overseas, for example, they may say they’re in the armed forces, or working for a voluntary service.
Scammers try to lower your suspicions by appealing to your compassionate or romantic side, and then ask for money. They’ll go to great lengths to build rapport and form a highly emotional bond.
To avoid falling victim to one of these scams, never send money to someone you’ve only met online. Don’t agree to accept money from them to send on their behalf, as this could be the proceeds of crime.
Holiday scams
There are many fake websites, online adverts, emails, social media posts and texts that promise great holidays or travel arrangements which are fake. Either the holiday doesn’t exist – or it does exist, but has been sold to you by a criminal.
You might not realise you’ve been scammed until the flight tickets don’t arrive, or you turn up at the resort, airport or cruise terminal only to find you’ve lost your money.
Whether it’s a short break or a dream holiday, you can find out more about how to avoid this type of scam by checking out Get Safe Online.
How to report a scam
If you think you've been the victim of a romance scam, report it to your Relationship Manager, and the dating site or app (if relevant)
How to avoid holiday scams
The last thing you want when you head away on holiday is to find out you haven’t actually booked your flight or hotel room.
Unfortunately, there are many hotel scams, villa scams and flight scams that promise great holidays which aren’t real.
Either the holiday (or parts of the holiday) doesn’t exist, or it does exist but has been sold to you by a fraudster. You might not realise you’ve been scammed until the flight tickets don’t work or you turn up at the resort, airport or cruise terminal only to find you’ve lost your money.