Please take time to read through the top scams we are currently seeing, for more advice on protecting yourself, please visit our Security Centre.

Do not share your banking codes

Fraudsters are increasingly calling people pretending to be Banks, Internet Providers (BT, Talk Talk etc), Police and other trusted organisations. They will give various reasons for the phone call such as suspicious/fraudulent transactions on your account and problems with your computer. The fraudsters are very convincing and will ask people to provide them with their Secure Key code/activation code in order to stop fraudulent payments/ secure account/to verify the customer plus many other reasons.

Do not be fooled by these types of phone calls, please stop and think about whether what they are asking you is genuine and makes sense.

Please remember the following:

  • Never share your Secure Key code with anyone. This code is for your personal use to input on the HSBC internet banking website or on the HSBC Mobile Banking App and should never be divulged to unauthorised parties. You may allow Third Party Providers to provide services for you and therefore may be asked to input your login details. Before doing so you should check if the TPP is authorised to provide such services.
  • Your Secure Key is used to log in to internet banking and to set up new payees therefore if you provide others with these codes they will have the ability to set up new payments on your account.
  • Never share an activation code you have received via text or email from HSBC with anyone. This code is for your personal use when setting up tokens for internet banking and HSBC Mobile Banking App.
  • Never log onto internet banking while someone else has access to your computer (such as via a programme called Team Viewer).
  • HSBC would never ask you to turn off your mobile phone.

If you are unsure of a telephone call you have received, hang up and call the company back on a known and trusted number, from a different phone if possible.

People rather than banks are being targeted, in part, because online and mobile banking systems are so secure. However, taking these steps will help to protect you and let you continue to enjoy HSBC's online and mobile banking services.

If you'd like to find out more, report a problem or contact our security services, please visit our Security Centre.

Smishing (SMS Phishing)

Be wary of suspicious text messages sent by fraudsters that look like they have come from your bank- to trick you into giving over your personal and financial information (by calling a number or clicking a link).

It's important to remember:

  • HSBC will never ask you for your full PIN or password.
  • HSBC will never text you a link that takes you directly to our login page.
  • Fraudsters can use 'text spoofing' to deliberately falsify the telephone number to appear as 'HSBC' to seem like a genuine bank text.
  • Never share your security details with anyone else.
  • If you have suspicions regarding a text message from HSBC, call us on a known number (eg number on the back of your card) to check before acting on it.

If you suspect a text is Smishing, please forward it to phishing@hsbc.co.uk

For further information and support please visit our Security Centre.

Computer Takeover Scam (Remote Access Takeover)

Members of the public are being warned of a new-style telephone scam in which fraudsters impersonate major companies and organisations to take over computers to steal money from online bank accounts.

Criminals are using technology to take control of victims' computers from remote locations, after telephoning them and offering to help with a slow computer or internet connection. There has been a recent increase in reports of this type of scam.

To carry out this fraud, scammers are impersonating internet service providers, computer companies, banks, software firms and law enforcement. They are also claiming to be calling as a result of recent high-profile data breaches.

The scammers claim there is a problem with the victim's computer or internet service which is causing it to run slowly.

They say they can fix it but need to access their computer to do so.

Victims are then asked either to visit a website or enter a command prompt on their computer, which gives the scammers control of the machine remotely.

The fraudster will take some time to 'fix' the problem, in some cases as long as 30 or 40 minutes.

During the call, the scammer will either tell the victim they are entitled to compensation or pretend to put them through to a supervisor, who will make the offer.

The scammer will say they are sending the money and will ask the victim to log into their bank account to check it has arrived.

But the scammers will still have access to the computer and will put up a fake screen which makes it appear the money has arrived. Working in the background, they will take money from the victim's bank account. Alternatively, the scammers may transfer money between accounts to make it look like payment has been made.

The fraudster may also ask for a bank passcode sent by text message or generated by a card reader, claiming that this is required to process the refund. But this code will actually enable them to set up a new payee and take funds from the victim's account.

In an alternative version of this scam, fraudsters may say the money has been sent but they have accidentally sent thousands of pounds, rather than hundreds, an error which will cost them their job. They will transfer money between the victim's bank accounts to make it seem as if they have sent too much.

In this case, the fraudster will ask for the difference to be refunded via wire transfer.

To avoid falling victim to this scam, you should:

  • be wary of unsolicited approaches by phone claiming to offer a refund.
  • avoid letting someone you do not know or trust have access to their computer, especially remotely.
  • never log onto your internet banking while someone else has access to your computer.

Never disclose your:

  • Four digit card PIN to anyone, including the bank or police.
  • Your password or online banking codes (including activation code).
  • Personal details unless you are sure who you are talking to.

Katy Worobec, Director of Financial Fraud Action UK, has quoted:

"Fraudsters are cunning and will go to great lengths to steal your cash. This scam is just another example of the tricks they will use."

"You should never let someone else have access to your computer remotely, especially if they have contacted you via an unsolicited phone call. If you are in doubt, then call the organisation back on a number you trust; if they are legitimate they will understand."

"Do not share your bank account details with anyone and make sure any computer you use to log onto your internet banking is secure."

For further information and support please visit our Security Centre.