Top of main content

Latest scam warnings

On this page we'll regularly keep you updated about the latest types of scam.

If someone contacts you out of the blue by phone, email or text message:

Stop – taking a moment to stop and think before parting with your money or information could keep you safe.
Challenge – could it be fake? It's OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
Protect – contact someone you trust, such as a friend or family member and contact the company directly.

More ways to stay safe online

We also regularly post warnings about common scams on our social media channels FacebookInstagram and Twitter.

HSBC Fraud & Cyber awareness app

The HSBC Fraud and Cyber awareness app keeps you up to date with current scams, fraud trends and guides to help protect you and your money.

Get the latest alerts straight to your phone. You can also share content to your social channels, and test your knowledge with our range of quizzes.

November 2023: Black Friday scams

Fraudsters are out to fool people during Black Friday with deals that don’t exist. These are called purchase scams.

Purchase scams happen when you pay for a product or service that doesn't get delivered. This means your money is lost.

Watch out for offers that:

  • feature a too-good-to-be-true deal or discount
  • have 'limited availability' to encourage you to act quickly
  • are advertised on social media or other online marketplaces

Remember to:

  • use safe sites when shopping
  • research the retailer online to make sure they’re legitimate
  • research the item you want to buy

Find out more about purchase scams and other common scams.

October 2023: Mobile app fraud

Beware of downloading fake or fraudulent apps onto your mobile phone.

How mobile app fraud works

Criminals can make fake or fraudulent apps. They try to trick you into downloading them onto your phone by clicking unsafe links, or not using your phone’s official app store.

These fake mobile apps contain malware, which can block, redirect or impersonate legitimate apps including the HSBC Mobile Banking app. One of these fake apps is called ‘PDF AI’. It impersonates a genuine app with a similar name.

The fake apps ask for personal information like usernames or credit card details. This may be to trick you into thinking you’re logging on to your banking app. Criminals could then use your information to try and steal your money.

How to spot fake apps

  • you might be asked to download them from somewhere other than your phone’s official app store
  • spelling mistakes on log on pages
  • you might be asked you to do something different to how you usually log on

How to stay safe

It’s up to you to make sure you keep your phone safe. We’re reporting the fake apps we’re aware of, but criminals make new ones or change the names all the time. Protect yourself by:

  • not clicking on unexpected or suspicious-looking links
  • updating to the latest version of your phone’s operating system
  • keeping apps up to date

Where to get help

Your phone company’s product support team can help you if you’re worried you might have installed malware through a fake app. 

If you think you’ve been scammed, call the number on the back of your HSBC card straight away.

September 2023: High street discount scams

When high street shops close down, scammers pretend to sell off their stock.

You may see fake websites claiming to offer big discounts for retailers which have actually gone out of business.

What to look out for:

  • strange-looking web addresses
  • web addresses which are slightly different from the genuine one
  • deals or discounts that seem too good to be true

Remember to:

  • use safe sites when shopping online
  • research the retailer online to make sure they’re legitimate

Find out more about purchase scams and other common scams.

If you think you've been scammed, call the number on the back of your HSBC card straight away.

August 2023: Deepfake technology

Deepfake technology is an escalating cyber security threat.

This technology uses software and machine learning to make content that realistically replicates voice, mannerisms, or vocabulary. The aim is to trick you into believing that what you see or hear is authentic and trustworthy.

Criminals are investing in this type of technology to create fake celebrity endorsements, to convince customers and build credibility for fake products and services.

How to spot a deepfake:

  • Obvious blinking – people may appear to blink abnormally.
  • Lip syncing – the person's voice may appear to be out of sync and have a patchy skin tone when talking.
  • Flickering – fine details, such as hair, are hard to render for deepfakes. The video may flicker around the edges of faces.
  • Jewellery and teeth – badly rendered jewellery and teeth can be a giveaway, as can strange lighting effects.

How to stay safe:

  • do not act immediately
  • visit a trusted source, such as a genuine website or social media account, to verify what is being said or done
  • be mindful of your personal information and who is in your social media network

July 2023: Call diversion scam

Call Diversion is a feature available through your telephone provider which lets you divert calls to almost any phone, including your mobile. You may be charged a fee by your provider for using the service.

You can dial:

  • *21 to divert calls
  • *61 to divert any missed calls
  • *62 to divert calls when your phone is switched off
  • *67 to divert calls when your phone is engaged

Fraudsters are impersonating bank staff, claiming they need to confirm information by dialling a code, usually sent via text. Watch out for unexpected messages which ask you to dial one of these codes on your phone. 

They will ask you to dial a call diversion code followed by a phone number and #.

For example, you may be asked to dial *21+447XXXXXXXXX#.

Dialling these numbers will not confirm any information with HSBC. Instead, this will send a request to your telephone provider to divert phone calls to the number stated after the *21.

This will be a number owned by fraudsters, who will then be able to answer your calls. 

If you’re a victim to this type of scam, call ##002# to cancel active call diversions. You’ll receive a notification when the cancellation is successful.

You should also contact HSBC using the number on the back of your card and inform your telephone provider.

June 2023: ‘Clone firm’ or ‘brand cloning’ investment scams

Fraudsters may set up fake firms using the name, address, and ‘Firm Reference Number’ (FRN) of real companies authorised by the FCA. The FCA refers to these as clone firms

Fraudsters may also impersonate firms and their real employees. Once set up, these fraudsters will try to convince you that they're the real firm by sending you sales materials linking to legitimate websites or sending literature copied from legitimate firms.

The FCA advises anyone considering an investment opportunity to check the Warning List of firms. The list is updated daily and the FCA recommends avoiding unauthorised firms.

The FCA also advises to use the phone number on the FCA Register to contact an authorised firm to make sure you’re dealing with the real firm.

The specific details of a firm, such as the telephone number and website address, can be verified on the FCA Register.

You can protect yourself further by:

  • rejecting unsolicited investment offers whether made online, on social media, or over the phone
  • seeking impartial advice before investing
  • being cautious, even if you initiated contact

If you think you've been scammed, call your bank immediately using the number on the back of your card or from their website. You can report fraudulent activity directly to Action Fraud.

June 2023: Vehicle fraud

31% of 18-24 year-olds have been a victim of vehicle fraud.

In the UK, the favourite way to buy and sell vehicles is online. To help you do this safely, here’s some expert advice from the Vehicle Safe Trading Advisory Group (VSTAG).

Buying safely

If a deposit is requested, don’t pay more than you’re willing to lose

A potential scam associated with deposits are up-front transportation fees. You should only pay this fee once your car has been delivered.

Check the price

Does the price, condition, or mileage of the vehicle seem too good to be true? If so, perform a free valuation on Auto Trader.

If the vehicle is below market value, think twice and ask the seller questions. There may be some genuine underlying reasons why the vehicle is under-priced.

See the vehicle in person and make sure it exists before making a payment.

You can also pay by credit card for extra security.

To find out more about vehicle fraud, read our Purchase Scam Case Study and see Get Safe Online’s Buying and Selling Vehicles Online tips.

May 2023: Mobile fraud

Fraudsters are targeting customers to gain access to banking apps on mobile phones, a senior UK fraud officer has said.

Detective Superintendent John Roch stated that the technology behind the apps is secure, but fraudsters are getting better at exploiting human behaviour:

"It's only a phone but if you take that out without the right precautions and protections around it, you are essentially walking around with a bag of cash. If you start to think of it like that, would you walk into a bar, put it down and turn your back on it? Probably not."

Fraudsters commonly ‘shoulder surf’ their victims to catch them entering their PIN before stealing the phone. Victims are often unaware that someone is observing them. 

Fraudsters then use the PIN to unlock the phone and try the same PIN to access banking apps.

They will also search the phone's notes section for security details or PINs.

How to stay safe:

  • enable biometric security (face or finger print) if possible
  • use different security details for unlocking your phone and accessing banking apps
  • stay vigilant when entering your PIN and do not share it
  • don't save your security details or PINs in your phone’s notes
  • enable ‘Find My’ on your device to find, lock, or erase your device
  • make a note of your phone's IMEI number (a unique number for identifying devices on mobile networks) so your phone provider can disable your stolen phone

If your phone is lost or stolen, you should:

  • report the loss to HSBC and your mobile phone provider immediately
  • ensure the lost device is removed as a registered device within HSBC Mobile Banking
  • remove any linked cards in your digital wallet
  • stay alert to fraudsters pretending to be your device’s manufacturer
  • think twice before tapping on any links and visit their website directly

April 2023: Never share one-time passcodes

Fraudsters may contact you claiming to be from HSBC and appear genuine.

They will claim you need to take action to protect your account because it's been compromised. They may ask you to:

  • share a one-time passcode
  • delete your HSBC UK Mobile Banking app

Doing either of these could give a fraudster access to your money.

We will NEVER contact you and ask you to share your security details or one-time passcodes.

These codes should never be shared. They are one time use, numeric codes which are used to confirm your identity or approve genuine transactions you've made.

The codes will not initiate a refund or reverse a transaction.

If you've shared any security details, call us using the number on the back of your card and report it to Action Fraud.

Find out more about managing your devices registered for mobile banking.

April 2023: Ticket fraud

Avoid buying gig, festival or sports tickets from anyone apart from official vendors, the box office or reputable fan seller sites.

If you do, you could be a victim of fraud.

Criminals typically pose as a seller and post on social media or an online marketplace. They'll tell you they’ll post or email the tickets once you’ve transferred the money to their bank account.

But when you try to contact them after nothing’s arrived, they’ve disappeared off the face of the earth.

This happens to thousands of music, sports and other fans every year who get tricked into buying fake or non-existent tickets.

Remember to:

  • buy tickets only from the venue’s box office, official sellers or reputable fan sites
  • don’t click on social media, text or email links or attachments offering tickets, as they could link to fraudulent or malware sites
  • avoid paying for tickets via bank transfer
  • check sellers’ privacy and returns policies
  • keep receipts until after the event

Find out more about the Get Safe Online campaign Buying Tickets Safely Online.

March 2023: WhatsApp scams

Criminals pose as loved ones and send messages out of the blue. Sometimes, conversations start on text and move to WhatsApp.

They will:

  • pretend to be a loved one, often children, asking for money urgently due to an emergency.
  • pretend to be someone you know and ask you save their new contact number, so when they message you to send money a few days later, it seems more realistic as it’s from a ‘known contact’.
  • claim to be a friend that has sent you their code by accident and ask you to help them by sending it to them. Once the criminal has this code, they can login to your WhatsApp account and lock you out.

Trading standards officers say these messages can be very convincing and plausible.

Always remain vigilant when using online platforms to talk to family or friends.

If you're not sure that someone is who they say they are, the best way to check is to call them using a phone number you know to be genuine. By speaking to them verbally, you'll know it's their voice.

If you receive a message out of the blue, remember:

  • don't reply
  • delete the message
  • forward it to your mobile operator on 7726

Never share one-time passcodes used to check your identity.

February 2023: Romance scams

Take extra care at this time of year to guard against romance scams.

Fraudsters are known to target victims by setting up fake profiles on dating websites, apps and social media.

Beware of criminals looking to exploit your emotions with romance scams. They’ll make you feel loved, build trust, then start asking for money.

They might tell you:

  • they live outside the UK and claim they need money to pay for the cost of travelling to see you
  • they have a relative who needs an urgent operation, but can't afford to pay for it
  • they have a large inheritance, but can't access the money

They might also ask you to help fund an investment opportunity.

Never send money to someone you've only met online.

If you think you've fallen for a romance scam, you can call us using the number on the back of your credit or debit card and report it to Action Fraud.

Can you spot the tell-tale signs? Download the HSBC Fraud and Cyber Awareness app and try our romance scams quiz.

Find out more about romance scams

How one woman was scammed out of £100,000

January 2023: HMRC scams

Fraudsters use key times in the tax year as an opportunity to make 'social engineering' attacks.

These can be:

  • scam emails
  • scam texts
  • bogus phone calls

A favourite time for these attacks is the HMRC deadline for self-assessment tax returns on 31 January.

You should also watch out also for messages pretending to be from HMRC as the end of the tax year approaches. These might claim you've received a tax rebate and ask for your account details.

To spot a scam, look for these tell-tale signs: 

  • poor spelling and grammar
  • requests for confidential information such as online banking details, passwords or PINs
  • offers of money or rewards, like lottery prizes
  • warnings your account may be shut down unless you take some type of action

Read more about tax phishing scams

Back to top 

Explore more