Top of main content

Avoid social engineering scams and phishing

You can help us fighting fraud too, by reporting any suspicious communications.

Have you ever received the following types of email, SMS, phone call, or spam messages over instant messengers etc.?

  • Does it ask you to do something unusual, like transfer money to an unknown account, or email your account details to someone?
  • Warns you of some sudden change in an account which means you have to click hyperlink and confirm you still use the service
  • Asks for confidential or security information such as your online banking details, passwords, account numbers or PINs

Table of content

Social engineering scam and phishing

  • What is a social engineering scam?
  • What is Phishing?
  • What to do if you encountered phishing?

Understand common types of phishing attack

Social engineering scam and phishing

What is a social engineering scam?

How social engineering works

Social engineering works by gaining someone’s trust and getting them to disclose information that should be kept secure.

Scammers usually contact people by phone (vishing), text (smishing), email (phishing) or Spam over instant messaging (SPIM). They’ll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained the person’s trust, they’ll then ask for sensitive information or things which will enable them access to the person’s bank accounts.


There are things your bank would never ask for, such as:

  • your 4-digit PIN
  • online banking codes like your secure key or password

Your bank would also never ask:

  • your credit or debit cards or verification code (OTP) for internet purchase or digital wallet binding
  • transfer funds to a different account for 'safekeeping'

What is Phishing?

What is Phishing?

Phishing is when a criminal sends you an email that tries to get you to give them your passwords and bank details or clicks the embedded links, QR code or file attachment to implant malware to the victim’s device. The email will say it is from a legitimate organisation or companies like a bank, online payment service or online retailer. It often looks very similar to an actual email sent by those organisation or companies, and it will contain a link or QR code that takes you to a website that also looks very similar to the organisation or companies’ genuine site.

Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, PIN or security code. The phishing site records everything you enter, and then uses your information to steal your money or conduct credit card or bank account fraud.

What to do if you encountered phishing?

What to do if you receive a suspicious email/SMS


HSBC may send you emails from time to time but will never ask for your security information or encourage you to log on to Internet Banking. HSBC will never attach a link to a web page that would ask for this information. If you receive an unsolicited email from HSBC encouraging you to do this, it will be a "Phishing" email. 

To report phishing websites, smishing texts or suspicious emails which have requested personal banking information contact us via We’ll send you an automatic response to let you know we’ve received your email but are unable to provide personalised responses to this mailbox. 

Please ensure you copy the full email, smishing text or website address (URL) into the body of the email. 

Please do not send any personal customer verification details within the email. 

Kindly note emails will be processed by a third party on behalf of HSBC Global Services (UK) Limited and by HSBC Group companies. 

If you believe you have shared your confidential information either online, by telephone or any other means call us immediately using the telephone number on the back of your card or the customer service hotline recorded on our HSBC Official website.

Understand common types of phishing attack

Listening to what you have to say about services matters to us. It's easy to share your ideas, stay informed and join the conversation. To improve the protection of customers' rights for the elderly or customers with special needs, the Bank provides relatives or friends to accompany them to participate in the communication to understand the product information, and provides enough time to consider whether to apply for related products. Please contact us via contact center (02)6616-6000 or email if any doubt/concern or further explanation is needed.