If someone contacts you out of the blue by phone, email or text message:
Stop – taking a moment to stop and think before parting with your money or information could keep you safe.
Challenge – could it be fake? It's OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
Protect – contact someone you trust, such as a friend or family member and contact the company directly.
More ways to stay safe online
We also regularly post warnings about common scams on our social media channels Facebook, Instagram and X.
If you get a text, WhatsApp or some other kind of message asking for money, it could be a scam. Scammers are messaging people and pretending to be family members or friends, before asking for help.
It’s always a good idea to check the sender is who they say they are. Call the person on their usual number or speak to them in person to make sure. You can also check with mutual friends or other family members.
Don't:
If you think you’ve been scammed:
Be on the lookout for scam emails and texts from fraudsters posing as HM Revenue & Customs (HMRC) as the tax year ends in April.
Scammers send bogus messages claiming to be from HMRC. These can be harder to spot around the end of the tax year, when you might be expecting real alerts from HMRC.
Criminals might try to trick you into handing over your account or card details by claiming you’ve received a tax rebate. They might also send fake bank details to fool you into sending your tax payments to the scammers instead of to HMRC.
Don’t let your guard down. If you get an email or message from HMRC, stop and think. Could it be a scam? HMRC will never ask you to hand over confidential information like passwords, one-time passcodes (OTPs) or your PIN. You should also never share your HMRC login details.
If you’re contacted and think it might be a tax scam:
If you need to contact HMRC, only use phone numbers, links or web addresses from official websites or letters.
Met a new partner or friend online? Say they can't meet you in person? If they ask you to send them money, it could be a fraudster using a fake identity to scam you.
Criminals set up fake profiles on dating sites or social media and start ‘relationships’ with victims who think they’re talking to a real person. They build trust, often over months of chatting and even phone calls. There’s usually a believable reason they can’t meet in person. Then they play on your emotions to trick you into sending them money.
It’s easy to be fooled – read how Marjorie lost £100,000 to a romance scam.
A scammer you’ve only met online might ask you for money and say things like:
If someone you’re talking to online asks for money, stop and think. Check in with family or friends you know in person for a second opinion.
Never send money to someone you haven’t met in person. They might not be who they say they are.
Call us using the number on the back of your card if you think you’ve been the victim of a romance scam.
A ‘deepfake’ video circulating on social media is using HSBC’s name to push a bogus investment opportunity.
The scam video appears to feature a broadcast journalist delivering news of 'easy returns' from 'AI-powered investment' software. While this might appear genuine, it has been confirmed as a fake.
Some things to bear in mind:
Your security is our top priority. Scammers are using ever more sophisticated technology to trick victims, but we have robust systems in place to counter any threat. We do, however, always recommend you remain cautious and report any suspicious financial activities to us, or the police.
As the festive season approaches, be aware of potential scams.
Here are some common scams and tips to stay safe:
Key points for shopping safely online:
Read more about how to shop safely at Christmas.
When you’re shopping online, be on the lookout for scammers offering Black Friday deals that don’t exist. Purchase scams happen when you pay for a product or service that doesn't get delivered - and you lose your money.
Stop before you spend and think before you send.
Ask yourself:
Black Friday takes place on 29 November this year.
Find out more about purchase scams and other common scams.
There's a rise in text message scams where victims are sent fake parking charges.
The Driver and Vehicle Standards Agency (DVSA) says the text messages claim you have a ‘parking penalty charge’ to pay.
They warn you might be banned from driving or taken to court if you don’t pay on time.
The messages also say you could be charged more for not responding.
They often contain a link inviting drivers to enter a licence plate number. These are followed up with further threats in the form of ‘reminders’ the following day.
If you’re contacted and think it might be a text scam:
Instead, you should report scam text messages to the National Cyber Security Centre.
If you’ve responded to a scam text message or been tricked into sharing personal information with a scammer, you can take immediate steps to protect yourself.
If you’ve lost money or given away important details as a result of responding to a text message, report it to Action Fraud or call 0300 123 2040 in England, Wales or Northern Ireland (101 in Scotland).
If you're eating out, don’t get bitten by PIN re-entry scams.
Fraudsters are targeting unsuspecting customers at restaurants, airports and tourist hotspots. They take advantage of distracted diners and travellers by exploiting handheld devices used at the point of sale. The trick is especially effective with low-cost items because they're easier to go unnoticed.
You think you're paying for something relatively cheap with your debit card, like a sandwich or a drink. The scammer (often posing as an employee) hands you a device and asks for a PIN.
You enter it, but the scammer tells you the transaction has failed and asks you to try your PIN again.
When the scammer hands you the device, it isn’t at the PIN entry screen - it’s at the stage where the amount of money for the payment is entered. When you enter your PIN (say, 1234) you’re actually entering £1,234. The transaction hasn’t failed, it’s been queried.
By entering your PIN a second time, you're confirming a fraudulent transaction for the much larger amount.
Make sure you always check the transaction amount screen before you enter your PIN
Confirm the amount you’re paying is what you’re expecting
If a transaction ‘fails’, always ask for a receipt to confirm this
Be extra cautious if you’re rushed or asked to make a payment somewhere very crowded
Contact your bank or credit card company straight away if you suspect you’ve been defrauded.
If you think you’ve been a victim of fraud, call the number on the back of your HSBC card immediately. You can also report it to Action Fraud.
If someone asks you to buy gold and hand it to them for safekeeping, it’s a scam.
Fraudsters are tricking people into buying gold, other precious metals, or jewellery and then physically handing it over to criminals.
They may pose as police, bank employees, or other government officials (or all of these together) to make you believe your money is not safe in the bank.
The exact details of each scam can vary. They may involve more than one scammer posing as different organisations. They may tell you:
Scammers will make you believe they are helping you to trick you into giving them gold. They might ask you to buy it from a reputable supplier.
The police and government agencies will NEVER ask you to buy gold. Anyone who does this is trying to trick you.
Stop and think. If you are asked to buy gold to stay safe, it is a scam. Legitimate fraud investigations will not ask you to do this.
If someone contacts you or asks you to buy or hand over gold or jewellery, hang up immediately.
If you think you’ve been a victim of fraud, call the number on the back of your HSBC card immediately. You can also make a report to Action Fraud.
Avoid buying gig, festival or sports tickets from anyone apart from official sellers or the box office.
If you buy from unofficial sources, you could be a victim of fraud.
Criminals typically pose as a seller and post on social media or an online marketplace.
They'll tell you they’ll post or email the tickets once you’ve transferred the money to their bank account.
But when you try to contact them after nothing’s arrived, they’ve disappeared off the face of the earth.
This happens to thousands of music, sports and other fans every year who get tricked into buying fake or non-existent tickets.
Remember to:
Scammers are targeting international students in the UK with emails and phone calls, often from China.
Sometimes they already have personal details like a student’s ID card to seem more real. Be cautious.
The scammers are well prepared to make themselves seem genuine. They often present on video messaging services dressed in what appear to be official police uniforms with a badge.
Fraudsters like to ask for high value payments and try to hide their crime by asking you to put through a payment as ‘friends and family'. They then ask you to lie if your bank asks questions about the purpose of payment.
“You will be deported if you don’t pay”
“You must pay now to avoid a criminal investigation”
“Keep this call a secret”
A money mule is someone who's tricked into helping criminals by moving money into or out of their own bank account. It often seems like a harmless request – but it is a crime and has serious consequences.
Scammers persuade people to accept payments into their bank accounts. They tell them to transfer the money on to a different account or withdraw cash and hand it over to them. They may offer payments, gifts or rewards for doing this.
Scammers often target people facing financial difficulties or those looking for a quick way to make some extra cash. It can seem like an easy way to make money without having to do much. They may approach you through social media, spam emails or build a friendship with you in person before asking for your help.
It might seem like a harmless way to increase your income, but people acting as money mules will usually be unaware of where the money comes from, or where it goes.
Being a money mule can get you into serious trouble. Read more on money mules.
Never open a bank account in your name for someone else to use.
If someone asks you to accept a payment on their behalf, or move money stop and think – does the request make sense?
Always question the request - how well do you really know this person? And would you do this if it involved handling cash and passing it on to a stranger in person?
If you're worried that you or someone close to you might be caught up in money muling, you can contact HSBC directly using the number on the back of your card.
You can also report this anonymously to Crimestoppers.
Call diversion is a feature available through your telephone provider which lets you divert calls to almost any phone, including your mobile. You may be charged a fee by your provider for using the service.
You can dial:
Fraudsters are impersonating bank staff, claiming they need to confirm information by dialling a code, usually sent via text. Watch out for unexpected messages which ask you to dial one of these codes on your phone.
They will ask you to dial a call diversion code followed by a phone number and #.
For example, you may be asked to dial *21+447XXXXXXXXX#.
Dialling these numbers will not confirm any information with HSBC. Instead, this will send a request to your telephone provider to divert phone calls to the number stated after the *21.
This will be a number owned by fraudsters, who will then be able to answer your calls.
If you’re a victim of this type of scam, call ##002# to cancel active call diversions. You’ll receive a notification when the cancellation is successful.
You should also contact HSBC using the number on the back of your card and inform your telephone provider.
Fraudsters may contact you posing as a police officer or bank official to try to trick you into handing over:
They offer to send a courier to collect them from you.
They try to create a sense of urgency or fear, saying you must take immediate action to protect your money, or help them with a fake investigation.
Someone claiming to be from your bank or local police force calls you to confirm personal details such as your name, address and PIN number.
They may suggest you call them back to prove they are genuine. They then stay on the line. When you try to call back there’s no dial tone, and you connect straight back to them.
They claim their systems have spotted a fraudulent payment on your card, or that it’s due to expire and needs replacing. They offer to send a courier to collect your bank card.
They claim there’s an investigation. You’re asked to withdraw money or buy expensive items and hand these over to a police officer or courier, who will return everything once the investigation is complete.
You may also be told that money has been taken from your bank account by corrupt banking staff. The fraudsters may ask you to lie to your bank or bypass security measures to ‘help’ the investigation.
It’s important that you never lie to your bank.
Remember that HSBC or the police will never call you to verify personal details or your PIN. We’ll never offer to send a courier to pick up your card.
Remember to Take Five. Hang up and wait 5 minutes before calling your bank, using the contact number on the back of your card. Ideally, use a different line to call back, as fraudsters may stay on the line after you’ve hung up.
Only ever hand over your banking cards at an HSBC branch. If the card is cancelled, you should destroy it yourself by cutting directly into the chip.
Have you spotted a last-minute holiday deal on social media? Does the travel company only accept payment by bank transfer? Be careful – this could be a scam.
Fraudsters are creating fake adverts and emails to scam holidaymakers. They often impersonate travel companies to trick people into visiting a bogus website.
These websites can look very convincing, and some may even be clones of real travel companies. Fraudsters may ask you to pay for your holiday by bank transfer – this makes it much harder for you to get your money back.
Fraudsters can use a flight or hotel booking cancellation as a way to scam holidaymakers. They may:
You may also get a call from a ‘refund agent’. These scammers may promise a quick refund if you hand over your bank details, sometimes asking for upfront payments disguised as fees.
Beware of downloading fake or fraudulent apps onto your mobile phone.
Criminals can make fake or fraudulent apps. They try to trick you into downloading them onto your phone by clicking unsafe links, or not using your phone’s official app store.
These fake mobile apps contain malware, which can block, redirect or impersonate legitimate apps including the HSBC Mobile Banking app. One of these fake apps is called ‘PDF AI’. It impersonates a genuine app with a similar name.
The fake apps ask for personal information like usernames or credit card details. This may be to trick you into thinking you’re logging on to your banking app. Criminals could then use your information to try and steal your money.
It’s up to you to make sure you keep your phone safe. We’re reporting the fake apps we’re aware of, but criminals make new ones or change the names all the time. Protect yourself by:
Your phone company’s product support team can help you if you’re worried you might have installed malware through a fake app.
If you think you’ve been scammed, call the number on the back of your HSBC card straight away.
Fraudsters may contact you claiming to be from HSBC and appear genuine.
They will claim you need to take action to protect your account because it's been compromised. They may ask you to:
Doing either of these could give a fraudster access to your money.
We will NEVER contact you and ask you to share your security details or one-time passcodes.
These codes should never be shared. They are one time use, numeric codes which are used to confirm your identity or approve genuine transactions you've made.
The codes will not initiate a refund or reverse a transaction.
If you've shared any security details, call us using the number on the back of your card and report it to Action Fraud.
Find out more about managing your devices registered for mobile banking.
Deepfake technology is an escalating cyber security threat.
This technology uses software and machine learning to make content that realistically replicates voice, mannerisms, or vocabulary. The aim is to trick you into believing that what you see or hear is authentic and trustworthy.
Criminals are investing in this type of technology to create fake celebrity endorsements, to convince customers and build credibility for fake products and services.
How to spot a deepfake:
How to stay safe:
