At HSBC, we’re working hard to make sure your money is kept safe from fraud.

But it’s important that you also help to protect yourself by being aware of the different ways criminals may try to steal your money.

This guide looks at some of the common types of fraud and scams and how to avoid them.

How social engineering works

Social engineering works by gaining someone’s trust and getting them to disclose information that should be kept secure.

Scammers usually contact people by phone (vishing), text (smishing) or email (phishing). They’ll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained the person’s trust, they’ll then ask for sensitive information or things which will enable them access to the person’s bank accounts.

There are things your bank would never ask for, such as:

  • Your 4-digit PIN
  • To collect your credit or debit cards, cheque books or cash
  • Online banking codes like your secure key or passwords

To transfer funds to a different account for "safekeeping"

Call us to get help

Security team

If you think you may have given your security details to someone, contact us immediately on:
03456 002 290

Customer helpline
For any other concerns about fraud, call us on:
03457 404 404 or if abroad +44 1226 261 010

Textphone
03457 125 563 or if abroad +44 1792 494 394

Lost or stolen cards
If your debit or credit card has been lost or stolen and you’re not registered for online banking, phone our emergency line on:

0800 085 2401 or if abroad +44 1442 422 929

Fraudulent transactions

If you believe there’s been a fraudulent transaction on your card (debit or credit) please call us on:

03457 404 404

Common social engineering scams

Vishing

Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, address and even some account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as ‘number spoofing’. The caller will then try to persuade you to:

  • Transfer money to another account for "safekeeping" or "holding"
  • Withdraw cash and hand it over "for investigation"
  • Give private information, which can then be used to gain access to your finances

To find out more about vishing, download our scams leaflet (PDF) .

Phishing

Be wary of unsolicited emails that appear to be from your bank or another trusted organisation (such as HMRC) and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate site and often warn your account may be shut down unless you take some action or they may say you’re owed money.

If you receive one of these emails, don’t reply or click on a link that you’re not sure is genuine. Instead, contact the company, using a phone number you know is genuine.

Phishing emails typically:

  • Warn you of some sudden change in an account which means you have to confirm you still use the service
  • Sometimes have poor spelling and grammar
  • Ask for confidential or security information such as your online banking details, passwords, account numbers or PINs
  •  Include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account. Don't open attachments or click on links if you suspect they may not be genuine.

If you’re suspicious of an email claiming to be from HSBC, forward it to phishing@hsbc.co.uk, delete it and empty your deleted items. We’ll send an automatic response to let you know we’ve received your email.

To find out more about phishing, download our scams leaflet (PDF) .

Smishing (SMS phishing)

Another thing to watch out for is suspicious text messages that look like they have come from your bank or another trusted organisation. These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).

It's important to remember the following:

  • Banks and other organisations such as the police or service providers will never ask you for your full PIN, password or banking codes
  • HSBC will never text you a link that takes you directly to our log on page
  • Fraudsters can use "call spoofing" to deliberately falsify the telephone number relayed on your caller ID to show as a genuine bank number
  • Never share your security details with anyone else

If you’re unsure whether a text claiming to be from HSBC is genuine, please call the number on the back of your debit or credit card. You can also forward it on to phishing@hsbc.co.uk and we’ll investigate it.

To find out more about smishing, download our scams leaflet (PDF) .

Courier scams

Some fraudsters will claim to be from your bank or credit card company and try to arrange for a courier to collect your card. They may also ask you to write down your PIN and hand it over. The fraudster may even advise you to cut the card in half to try to seem genuine.

Please note that:

  • Banks will never ask for your card and/or PIN to be returned via courier
  • You should never give your PIN to anyone, even someone claiming to work for a bank

Other scams

Investment or "boiler room" scams

Cold calls offering investment opportunities which seem too good to be true. Fraudsters are known to sell worthless, overpriced or even non-existent shares. These scams can take many forms, but if it sounds too good to be true, it usually is. Check the FCA website to confirm the company is authorised. The FCA also has a list of some known scam companies plus some great advice on how to avoid investment scams.

To find out more about investment scams, download our scams leaflet (PDF) .

Pension liberation

Fraudsters typically target people under financial pressure by claiming they can unlock pension funds by moving pension funds from an existing scheme to a new one which allows early access to benefits before the legal age of 55. Not only are the victims of these scams usually asked to pay a very high fee to the fraudsters, they may face serious tax consequences. Be wary of offers like this and if in doubt, seek advice from registered pension providers.

Payment diversion

Scammers try to trick people into changing the bank details for a payment that's due to be made. For example, they may send emails pretending to be builders if you've had work carried out or solicitors for house purchases. Before sending any money, contact the biller on a phone number you know to be genuine to make sure it was them who sent the email.

Romance scams


This type of fraud begins with a fast-moving online relationship and ends in financial fraud. Scammers try to lower your suspicions by .appealing to your compassionate or romantic side and then ask for money. To avoid falling victim to one of these scams, never send money to someone you’ve only met online.
To find out more about romance scams, download our scams leaflet (PDF) .

Identity theft

Criminals may try get important pieces of your personal information, such as your name and address, date of birth and your mother’s maiden name, in order to open credit facilities in your name or to take over your account.

More information

For more details and help protecting yourself against scams and for tips on your password security and how to stay safe while shopping online, download our scams leaflet (PDF).

If you believe there’s been a fraudulent bank transfer or bill payment (i.e. not made with your credit or debit card) that you did not authorise please call us on 03456 100 135 (lines are open Monday to Friday from 9am - 6pm).

If you have authorised a bank transfer or bill payment (i.e. not made with your credit or debit card) and now believe you have been the victim of a scam, please call us on 03455 873523 (Lines are open 24/7).

Where to go for more help

Here are some useful links for the main UK organisations offering advice on how to guard against financial crime:

Financial Conduct Authority (FCA)

You can report scams to the FCA, an independent public body which regulates 58,000 businesses in the UK working in financial services.

Action Fraud

You can report fraud or cybercrime to Action Fraud, a national reporting centre run by the City of London Police working alongside the National Fraud Intelligence Bureau.

Cifas

This not-for-profit fraud prevention organisation was first launched in 1988 as the Credit Industry Fraud Avoidance System.

Cyber Aware

Previously known as Cyber Streetwise, this awareness campaign run by the Government aims to help small businesses and individuals protect themselves against online criminals.

Take Five

A government-backed national campaign led by Financial Fraud Action UK (part of UK Finance), Take Five offers advice on how to guard against financial fraud