Phishing is when a criminal sends you an email that tries to get you to give them your passwords and bank details or clicks the embedded links, QR code or file attachment to implant malware to the victim’s device. The email will say it is from a legitimate organization like a bank, online payment service or online retailer. It often looks very similar to an actual email sent by those companies, and it will contain a link or QR code that takes you to a website that also looks very similar to the organization's genuine site.
Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, PIN or security code. The phishing site records everything you enter, and then uses your information to steal your money or execute unauthorized transactions through social engineering or computer intrusion technology.
To spot a phishing email, ask yourself the following questions:
- Does it request personal information, like a credit card number or account password?
- Were you expecting this message?
- Does it have an attachment?
- Does it ask you to do something unusual, like transfer money to an unknown source, or email your account details to someone?
- Does the sender’s email address or phone number match the name of the company that it claims to be from?
- Is your email address or phone number different from the one that you gave that company?
- Was it sent or cc’d to more than just you?
How can I tell if I'm being phished?
- Won't show the padlock symbol in the address bar when you log on
- Are poorly designed, with typos or bad spelling and grammar
- Have a different look and feel than the company’s regular website
If an email looks suspicious, don’t reply to it. Don't click on any links. Don't open any attachments. If you receive an email/SMS from HSBC that asks you to provide personal information, report it to us via our customer service hotlines or via firstname.lastname@example.org immediately.
Protect yourself online
There are a few simple steps you can take to protect yourself online, whether you are a business owner or a private individual. There is always more that you can do, but we suggest you follow these guidelines as a minimum:
Keep your operating system, web browsers and other software up to date
Install anti-virus software
Avoid online fraud and scams
Learn to spot fake emails and fake websites
Keep your passwords and personal information secure
Don't share private information online
Secure your wireless network
Protect your mobile phone and tablet devices
How HSBC protects you online
When creating passwords, remember the following things:
- Keep them to yourself. No one at HSBC will ever ask you for your internet banking password
- Make them hard to guess
- Vary them: Try to use different passwords for different services
- Change your passwords regularly
- Never write them down
More in this section
Find out how you can encrypt your email and ensure the security of your communications with the bank.
Find out about courier scams and other tactics used by criminals to steal personal information and defraud customers.