Top of main content
A lady is watching a smartphone; image used for HSBC Online security.

Online Security

Tools and tips to guard against cyber crimes.


Phishing is when a criminal sends you an email that tries to get you to give them your passwords and bank details or clicks the embedded links, QR code or file attachment to implant malware to the victim’s device. The email will say it is from a legitimate organization like a bank, online payment service or online retailer. It often looks very similar to an actual email sent by those companies, and it will contain a link or QR code that takes you to a website that also looks very similar to the organization's genuine site.

Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, PIN or security code. The phishing site records everything you enter, and then uses your information to steal your money or execute unauthorized transactions through social engineering or computer intrusion technology.

To spot a phishing email, ask yourself the following questions:

  • Does it request personal information, like a credit card number or account password?
  • Were you expecting this message?
  • Does it have an attachment?
  • Does it ask you to do something unusual, like transfer money to an unknown source, or email your account details to someone?
  • Does the sender’s email address or phone number match the name of the company that it claims to be from?
  • Is your email address or phone number different from the one that you gave that company?
  • Was it sent or cc’d to more than just you? 

How can I tell if I'm being phished?

Fake websites:

  • Won't show the padlock symbol in the address bar when you log on
  • Are poorly designed, with typos or bad spelling and grammar
  • Have a different look and feel than the company’s regular website

If an email looks suspicious, don’t reply to it. Don't click on any links. Don't open any attachments. If you receive an email/SMS from HSBC that asks you to provide personal information, report it to us via our customer service hotlines or via immediately.

Protect yourself online

There are a few simple steps you can take to protect yourself online, whether you are a business owner or a private individual. There is always more that you can do, but we suggest you follow these guidelines as a minimum:

Password tips

When creating passwords, remember the following things:

  • Keep them to yourself. No one at HSBC will ever ask you for your internet banking password
  • Make them hard to guess
  • Vary them: Try to use different passwords for different services
  • Change your passwords regularly
  • Never write them down

More in this section

Find out how you can encrypt your email and ensure the security of your communications with the bank.

Find out about courier scams and other tactics used by criminals to steal personal information and defraud customers.

Listening to what you have to say about services matters to us. It's easy to share your ideas, stay informed and join the conversation.