At HSBC, we’re working hard to make sure your money is kept safe from fraud.
But it’s important that you also help to protect yourself by being aware of the different ways criminals may try to steal your money.
This guide looks at some of the common types of fraud and scams and how to avoid them.
Updates: We'll also let you know about the latest scams as they're reported to us.
Listen to our Nice Alert
Being friendly and willing to co-operate might make you more vulnerable to the tricks of fraudsters. That's according to a new study into the victims of financial crime. Listen to our Nice Alert for tips on how to protect yourself.
Authorised Push Payment (APP) Scams Voluntary Code
A new voluntary Code has been launched to help combat Authorised Push Payment (APP) scams. HSBC UK is pleased to be among the first banks to sign up to the Code as part of our commitment to protecting our customers from fraud.
APP scams trick customers into authorising a payment to an account they believe is genuine – but is in fact controlled by a criminal.
If you've been a victim of an APP scam, beware if someone contacts you and tells you they can help with your claim - it might be a further scam. Please contact us using one of the phone numbers on this page so we can look into your case.
For more information on the new voluntary code, visit the Lending Standards Board website.
How social engineering works
Social engineering works by gaining someone’s trust and getting them to disclose information that should be kept secure.
Scammers usually contact people by phone (vishing), text (smishing) or email (phishing). They’ll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained the person’s trust, they’ll then ask for sensitive information or things which will enable them access to the person’s bank accounts.
There are things your bank would never ask for, such as:
- your 4-digit PIN
- online banking codes like your secure key or password
Your bank would also never ask to:
- collect your credit or debit cards, cheque books or cash
- transfer funds to a different account for 'safekeeping'
Common social engineering scams
Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, address and even some account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'. The caller will then try to persuade you to:
- transfer money to another account for 'safekeeping' or 'holding'
- withdraw cash and hand it over 'for investigation'
- give private information, which can then be used to gain access to your finances
To find out more about vishing, download our scams leaflet (PDF).
Be wary of unsolicited emails that appear to be from your bank or another trusted organisation (such as HMRC) and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate source and often warn your account may be shut down unless you take some action or they may say you’re owed money.
If you receive one of these emails, don’t reply or click on a link that you’re not sure is genuine. Instead, contact the company using a phone number you know is genuine.
Phishing emails typically:
- warn you of some sudden change in an account which means you have to confirm you still use the service
- sometimes have poor spelling and grammar
- ask for confidential or security information such as your online banking details, passwords, account numbers or PINs
- include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account
Don't open attachments or click on links if you suspect they may not be genuine.
If you’re suspicious of an email claiming to be from HSBC, forward it to firstname.lastname@example.org, delete it and empty your deleted items. We’ll send an automatic response to let you know we’ve received your email.
To find out more about phishing, download our scams leaflet (PDF) .
Smishing (SMS phishing)
Another thing to watch out for is suspicious text messages that look like they have come from your bank or another trusted organisation. These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).
It's important to remember the following:
- Banks and other organisations such as the police or service providers will never ask you for your full PIN, password or banking codes.
- HSBC will never text you a link that takes you directly to our log on page.
- Fraudsters can mimic text headers so that their messages can join a conversation beneath ones you know are genuine.
- Never share your security details with anyone else
If you’re unsure whether a text claiming to be from HSBC is genuine, please call the number on the back of your debit or credit card. You can also forward it on to email@example.com and we’ll investigate it.
To find out more about smishing, download our scams leaflet (PDF) .
Some fraudsters will claim to be from your bank or credit card company and try to arrange for a courier to collect your card. They may also ask you to write down your PIN and hand it over. The fraudster may even advise you to cut the card in half to try to seem genuine.
Please note that:
- Banks will never ask for your card and/or PIN to be returned via courier
- You should never give your PIN to anyone, even someone claiming to work for a bank
Investment or "boiler room" scams
Cold calls offering investment opportunities which seem too good to be true. Fraudsters are known to sell worthless, overpriced or even non-existent shares. These scams can take many forms, but if it sounds too good to be true, it usually is. Check the FCA website to confirm the company is authorised. The FCA also has a list of some known scam companies plus some great advice on how to avoid investment scams.
To find out more about investment scams, download our scams leaflet (PDF) .
Fraudsters typically target people under financial pressure by claiming they can unlock pension funds by moving pension funds from an existing scheme to a new one which allows early access to benefits before the legal age of 55. Not only are the victims of these scams usually asked to pay a very high fee to the fraudsters, they may face serious tax consequences. Be wary of offers like this and if in doubt, seek advice from registered pension providers.
Scammers try to trick people into changing the bank details for a payment that's due to be made. For example, they may send emails pretending to be builders if you've had work carried out or solicitors for house purchases. Before sending any money, contact the biller on a phone number you know to be genuine to make sure it was them who sent the email.
This type of fraud begins with a fast-moving online relationship and ends in financial fraud. Scammers try to lower your suspicions by appealing to your compassionate or romantic side and then ask for money. To avoid falling victim to one of these scams, never send money to someone you’ve only met online.
To find out more, read our article about romance scams.
Criminals may try get important pieces of your personal information, such as your name and address, date of birth and your mother’s maiden name, in order to open credit facilities in your name or to take over your account.
To keep your information safe, make your social media profiles private and destroy bank statements and similar documents safely. Always check your bank statements and report anything you don’t recognise straight away.
There are many fake websites, online adverts, emails, social media posts and texts that promise great holidays which aren’t real.
Either the holiday doesn’t exist - or it does exist, but has been sold to you by a fraudster.
You think you’ve booked and paid for a hotel room, a flight, a package holiday or a cruise but it turns out to be non-existent. You might not realise you’ve been scammed until the flight tickets don’t arrive or you turn up at the resort, airport or cruise terminal only to find you’ve lost your money.
Whether it’s a short break or a dream holiday, you can find out more about how to avoid this type of scam by checking out Get Safe Online, a joint initiative between government, police and business, which is supported by HSBC.
Criminals persuade people to allow money to be transferred through their account in exchange for payment.
They often target those who are a little strapped for cash, normally students.
If you agree to do this, you’re acting as a ‘money mule’.
You may have seen a job advert on social media or on a legitimate job site, or even received a spam email or message offering ‘easy money’. All you have to do is provide your bank details, receive a payment into your account and then either withdraw it in cash or transfer it to another account. Either way, you’re promised a certain amount as payment.
It might seem an easy and harmless way to earn income - but the money being transferred is stolen, often as a result of phishing or other scams.
Becoming a money mule can get you into serious trouble. If you’re caught, you’ll have problems applying for credit in the future, your bank accounts will be closed and you could even go to prison for up to 14 years.
To learn more about the consequences of becoming a money mule and what the proceeds of money laundering are used for, check out the Don’t Be Fooled campaign.
For more details and help protecting yourself against scams and for tips on your password security and how to stay safe while shopping online, download our scams leaflet (PDF).
Call us to get help
If you think you may have given your security details to someone, contact us immediately on:
03456 002 290
For any other concerns about fraud, call us on:
03457 404 404 or if abroad +44 1226 261 010
03457 125 563 or if abroad +44 1792 494 394
Lost or stolen cards
If your debit or credit card has been lost or stolen and you’re not registered for online banking, phone our emergency line on:
0800 085 2401 or if abroad +44 1442 422 929
If you believe there’s been a fraudulent transaction on your card (debit or credit) please call us on:
If you believe there’s been a fraudulent bank transfer or bill payment (not made with your credit or debit card) that you didn't authorise please call us on 03457 404 404 (lines are open Monday to Friday from 09:00-18:00).
If you've authorised a bank transfer or bill payment (not made with your credit or debit card) and now believe you've been the victim of a scam, please call us on 03455 873523 (Lines are open 24/7).
Where to go for more help
Here are some useful links for the main UK organisations offering advice on how to guard against financial crime:
You can report scams to the FCA, an independent public body which regulates 58,000 businesses in the UK working in financial services.
You can report fraud or cybercrime to Action Fraud, a national reporting centre run by the City of London Police working alongside the National Fraud Intelligence Bureau.
This not-for-profit fraud prevention organisation was first launched in 1988 as the Credit Industry Fraud Avoidance System.
Previously known as Cyber Streetwise, this awareness campaign run by the Government aims to help small businesses and individuals protect themselves against online criminals.
A government-backed national campaign led by Financial Fraud Action UK (part of UK Finance), Take Five offers advice on how to guard against financial fraud