Fraud prevention guide

If you think you may have given your security details to someone, contact us immediately on: 03456 002 290.

For any other concerns about fraud, call us on: 03457 404 404 or, if abroad: +44 1226 261 010.

Here are some common scams to watch out for:

Phishing emails are unexpected messages that appear to come from a trusted organisation, such as your bank, HMRC or a retailer you've purchased from.

Typically, they’ll:

• encourage you to take urgent action and threaten to close your account if you don’t respond
• say that you’re owed money
• encourage you to click on a website link
• ask you to give confidential or security information (such as your online banking details, passwords, account numbers or PINs)
• include instructions to reply or verify your account – like completing a form attached to the email
• have poor spelling and grammar

If you receive an email you believe is suspicious:

• don’t click on any links
• don’t open any attachments 
• don’t reply
• contact the organisation using a phone number you know is genuine, or visit their website

If you’ve already shared your HSBC security details, please call us immediately on 03456 002 290.

If you've received an email from HSBC and you’re suspicious:

• forward it to us at phishing@hsbc.com, we’ll send an automatic response to let you know we’ve received your email
• delete the scam email and empty the recycle bin on your device 

Scammers often send fake text messages that look like they’ve come from your bank, or another trusted organisation. Their goal is to get you to reply with your personal or financial information.

Typically, they’ll:

• encourage you to take urgent action
• ask you to verify new payees, transactions or devices
• try to look genuine by copying text messages sent by an organisation and adding their own wording

If you've received an SMS, you believe is suspicious:

• don’t click on any links
• don’t download any attachments 
• don’t reply
• delete the text message
• contact the organisation using a phone number you know is genuine, or visit their website

If you’ve already shared your HSBC security details, please call us immediately on 03456 002 290.

If you've received an SMS from HSBC and you’re suspicious:

• you can check to see if the text message may be a scam
• screenshot the text message and send the image to phishing@hsbc.com  We’ll send you an automatic response to let you know we’ve received your email
• delete the text message

It's important to remember:

• banks and other organisations, such as the police and utility companies, will never ask for your PIN, password or banking codes.
• banks and other organisations, such as the police, will never ask you for your full PIN, password or banking codes
• we’ll never text you a link that takes you directly to our online banking log on page
• you should never share your security details with anyone else

A common scam is when criminals phone you out of the blue and claim to be from your bank, the police or another trusted organisation like your broadband provider. 

They can make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'.

They may also have gathered some information about you, such as your address and account details.

The caller may try to persuade you to:

• transfer money to a 'safe account' as your account is 'compromised'
• withdraw cash and hand it over to the 'police' for investigation
• give further personal and financial information

The caller may advise you to call the number on the back of your card if you tell them you think it’s a scam. Be aware that this is part of the scam, as scammers can keep landlines open and play a fake dial code. If you want to call your bank afterwards, make sure:

• you hang up the phone properly
• you wait 15 seconds
• the line is fully disconnected
• you wait another 15 seconds before beginning a new call

If you’ve shared your HSBC security details, please call us on 03456 002 290 once you have disconnected from the scammer’s call.

Authorised Push Payment (APP) scams happen when you’re persuaded to send money to a criminal.

APP scams, typically, involve:

• being tricked into sending money to a ‘safe account’ or the wrong person. For example, you may have received a scam email changing the bank details for a property purchase
• sending money to buy goods that don’t exist

We’re pleased to be among the first banks to sign up to a new voluntary code to combat APP scams, as part of our commitment to protecting you from fraud. 

If you've been a victim of an APP scam, be wary if someone contacts you and tells you they can help with your claim – it might be a further scam. Please contact us on 03457 404 404 so we can look into your case.

Purchase scams happen when you’re paying for an item or service. The item doesn't arrive or the service doesn't happen and your money is lost.

Typically, these scams:

• seem too good to be true - because they probably are
• have 'limited availability' or are a 'special offer' to encourage you to act before you have time to think it through
• persuade you to send money before receiving goods
• ask you to send money via bank transfer rather than using normal ways to pay

Remember to:

• use safe sites when shopping online
• use safe ways to pay, such as your debit or credit card 
• check the returns and cancellations policy
• research the retailer online to make sure they’re legitimate
• stop and think - would you be willing to send cash in the post for an item you've ordered?
• research and check the validity of the item before agreeing to pay via other means

If you've been a victim of a purchase scam, please call us us on 03457 404 404 so we can look into your case.

HSBC will only ever ask you to scan a QR code in the following scenarios:

• as an existing customer, when activating mobile banking on a new device using your old device registered with us
• as a new customer, during the process of completing identification checks when opening an account online

If you’re asked to scan a HSBC QR code in another scenario, it will not be genuine.

Criminals may contact you to offer investment opportunities which may seem too good to be true.

They often use false testimonials, fake celebrity endorsements, spoof websites and fake companies with similar names to genuine investment organisations. They can usually provide convincing marketing materials to make the scams appear genuine.

Check the Financial Conduct Authority (FCA) website to confirm the company is authorised and also look for verified contact details. The FCA also has a list of known scam companies and advice on how to avoid investment scams.

Criminals claim they can unlock pension funds by moving them from an existing scheme to a new one, allowing early access to benefits before the legal age of 55.

Victims of these scams are usually asked to pay a very high fee and may also face serious tax consequences. Be wary of scams like this and, if in doubt, seek advice from registered pension providers.

Victims may be instructed by the scammer, not to tell their pension provider exactly why they’re trying to withdraw funds.

Criminals monitor email traffic and, when payments are due, they send their own email that looks and feels like a genuine message from a company.

They tell you that the bank details for your payment have changed and give you the new details to send your payments to. This could be a house deposit to your solicitor, or a payment to a contractor for home improvements.

If you receive an email like this, always check with the company you’re making a payment to, on a genuine phone number, before making a payment with new bank details.

This type of fraud begins with a fast-moving, online relationship. Scammers try to lower your suspicions by appealing to your compassionate or romantic side, and then ask for money. They’ll go to great lengths to build rapport and form a highly emotional bond.

To avoid falling victim to one of these scams, never send money to someone you’ve only met online. Don’t agree to accept money from them to send on their behalf, as this could be the proceeds of crime.

Find out how to avoid romance scams.

Criminals may try to get important pieces of personal information, such as your name and address, date of birth and your mother’s maiden name. This could allow them to open credit accounts in your name, or to take over your account.

To keep your information secure, make sure your social media profiles are private and destroy bank statements, and similar documents, safely. Always consider the data and information you share with others.

You should also check your bank statements and report anything you don’t recognise straight away.

There are many fake websites, online adverts, emails, social media posts and texts that promise great holidays or travel arrangements which are fake. Either the holiday doesn’t exist – or it does exist, but has been sold to you by a criminal.

You might not realise you’ve been scammed until the flight tickets don’t arrive, or you turn up at the resort, airport or cruise terminal only to find you’ve lost your money.  

Whether it’s a short break or a dream holiday, you can find out more about how to avoid this type of scam by checking out Get Safe Online.

Criminals prey on those who are strapped for cash to act as ‘money mules’. This means you agree to allow money to be transferred through your bank account in exchange for payment. Hard-up students are often targeted.

You’ll be asked to provide your bank details, receive a payment into your account and then, either withdraw it in cash, or transfer it to another account.

Job adverts and spam emails offer ‘easy money’ and it might seem a harmless way to earn income. The money being transferred is stolen and used to fund organised crime.

This can get you into serious trouble. If you’re caught, your bank accounts will be closed, you’ll have problems applying for a loan, a mortgage or even a mobile phone contract. You may also be given a prison sentence of up to 14 years.

To learn more about the consequences of becoming a money mule and what the proceeds of money laundering are used for, check out the Don’t Be Fooled website.

Here are some useful links for the main UK organisations offering advice on how to guard against financial crime:

Action Fraud
You can report fraud or cybercrime to Action Fraud, a national reporting centre run by the City of London Police, working alongside the National Fraud Intelligence Bureau.

Cifas

This not-for-profit fraud prevention organisation was first launched in 1988 as the Credit Industry Fraud Avoidance System.

Cyber Aware

Previously known as Cyber Streetwise, this awareness campaign run by the Government, aims to help small businesses and individuals protect themselves against online criminals.

Get Safe Online

Get Safe Online offers free security advice to help protect people from fraud, abuse and other issues encountered online.

Financial Conduct Authority (FCA)

You can report scams to the FCA, an independent public body which regulates 58,000 businesses in the UK working in financial services.

Take Five

A government-backed national campaign led by Financial Fraud Action UK (part of UK Finance). Take Five offers advice on how to guard against financial fraud. 

For more help on protecting yourself against scams, tips on creating a secure password, and how to stay safe online, download our scams leaflet (PDF).