If someone contacts you out of the blue by phone, email or text message:
Stop – taking a moment to stop and think before parting with your money or information could keep you safe.
Challenge – could it be fake? It's OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
Protect – contact someone you trust, such as a friend or family member and contact the company directly.
More ways to stay safe online
HSBC Fraud & Cyber awareness app
The HSBC Fraud and Cyber awareness app keeps you up to date with current scams, fraud trends and guides to help protect you and your money.
Get the latest alerts straight to your phone. You can also share content to your social channels, and test your knowledge with our range of quizzes.
Fraudsters are out to fool people during Black Friday with deals that don’t exist. These are called purchase scams.
Purchase scams happen when you pay for a product or service that doesn't get delivered. This means your money is lost.
Watch out for offers that:
Beware of downloading fake or fraudulent apps onto your mobile phone.
Criminals can make fake or fraudulent apps. They try to trick you into downloading them onto your phone by clicking unsafe links, or not using your phone’s official app store.
These fake mobile apps contain malware, which can block, redirect or impersonate legitimate apps including the HSBC Mobile Banking app. One of these fake apps is called ‘PDF AI’. It impersonates a genuine app with a similar name.
The fake apps ask for personal information like usernames or credit card details. This may be to trick you into thinking you’re logging on to your banking app. Criminals could then use your information to try and steal your money.
It’s up to you to make sure you keep your phone safe. We’re reporting the fake apps we’re aware of, but criminals make new ones or change the names all the time. Protect yourself by:
Your phone company’s product support team can help you if you’re worried you might have installed malware through a fake app.
If you think you’ve been scammed, call the number on the back of your HSBC card straight away.
When high street shops close down, scammers pretend to sell off their stock.
You may see fake websites claiming to offer big discounts for retailers which have actually gone out of business.
What to look out for:
Deepfake technology is an escalating cyber security threat.
This technology uses software and machine learning to make content that realistically replicates voice, mannerisms, or vocabulary. The aim is to trick you into believing that what you see or hear is authentic and trustworthy.
Criminals are investing in this type of technology to create fake celebrity endorsements, to convince customers and build credibility for fake products and services.
How to spot a deepfake:
How to stay safe:
Call Diversion is a feature available through your telephone provider which lets you divert calls to almost any phone, including your mobile. You may be charged a fee by your provider for using the service.
You can dial:
Fraudsters are impersonating bank staff, claiming they need to confirm information by dialling a code, usually sent via text. Watch out for unexpected messages which ask you to dial one of these codes on your phone.
They will ask you to dial a call diversion code followed by a phone number and #.
For example, you may be asked to dial *21+447XXXXXXXXX#.
Dialling these numbers will not confirm any information with HSBC. Instead, this will send a request to your telephone provider to divert phone calls to the number stated after the *21.
This will be a number owned by fraudsters, who will then be able to answer your calls.
If you’re a victim to this type of scam, call ##002# to cancel active call diversions. You’ll receive a notification when the cancellation is successful.
You should also contact HSBC using the number on the back of your card and inform your telephone provider.
Fraudsters may set up fake firms using the name, address, and ‘Firm Reference Number’ (FRN) of real companies authorised by the FCA. The FCA refers to these as clone firms.
Fraudsters may also impersonate firms and their real employees. Once set up, these fraudsters will try to convince you that they're the real firm by sending you sales materials linking to legitimate websites or sending literature copied from legitimate firms.
The FCA advises anyone considering an investment opportunity to check the Warning List of firms. The list is updated daily and the FCA recommends avoiding unauthorised firms.
The FCA also advises to use the phone number on the FCA Register to contact an authorised firm to make sure you’re dealing with the real firm.
The specific details of a firm, such as the telephone number and website address, can be verified on the FCA Register.
You can protect yourself further by:
If you think you've been scammed, call your bank immediately using the number on the back of your card or from their website. You can report fraudulent activity directly to Action Fraud.
31% of 18-24 year-olds have been a victim of vehicle fraud.
In the UK, the favourite way to buy and sell vehicles is online. To help you do this safely, here’s some expert advice from the Vehicle Safe Trading Advisory Group (VSTAG).
If a deposit is requested, don’t pay more than you’re willing to lose
A potential scam associated with deposits are up-front transportation fees. You should only pay this fee once your car has been delivered.
Does the price, condition, or mileage of the vehicle seem too good to be true? If so, perform a free valuation on Auto Trader.
If the vehicle is below market value, think twice and ask the seller questions. There may be some genuine underlying reasons why the vehicle is under-priced.
See the vehicle in person and make sure it exists before making a payment.
You can also pay by credit card for extra security.
Fraudsters are targeting customers to gain access to banking apps on mobile phones, a senior UK fraud officer has said.
Detective Superintendent John Roch stated that the technology behind the apps is secure, but fraudsters are getting better at exploiting human behaviour:
"It's only a phone but if you take that out without the right precautions and protections around it, you are essentially walking around with a bag of cash. If you start to think of it like that, would you walk into a bar, put it down and turn your back on it? Probably not."
Fraudsters commonly ‘shoulder surf’ their victims to catch them entering their PIN before stealing the phone. Victims are often unaware that someone is observing them.
Fraudsters then use the PIN to unlock the phone and try the same PIN to access banking apps.
They will also search the phone's notes section for security details or PINs.
How to stay safe:
If your phone is lost or stolen, you should:
Fraudsters may contact you claiming to be from HSBC and appear genuine.
They will claim you need to take action to protect your account because it's been compromised. They may ask you to:
Doing either of these could give a fraudster access to your money.
We will NEVER contact you and ask you to share your security details or one-time passcodes.
These codes should never be shared. They are one time use, numeric codes which are used to confirm your identity or approve genuine transactions you've made.
The codes will not initiate a refund or reverse a transaction.
If you've shared any security details, call us using the number on the back of your card and report it to Action Fraud.
Find out more about managing your devices registered for mobile banking.
Avoid buying gig, festival or sports tickets from anyone apart from official vendors, the box office or reputable fan seller sites.
If you do, you could be a victim of fraud.
Criminals typically pose as a seller and post on social media or an online marketplace. They'll tell you they’ll post or email the tickets once you’ve transferred the money to their bank account.
But when you try to contact them after nothing’s arrived, they’ve disappeared off the face of the earth.
This happens to thousands of music, sports and other fans every year who get tricked into buying fake or non-existent tickets.
Find out more about the Get Safe Online campaign Buying Tickets Safely Online.
Criminals pose as loved ones and send messages out of the blue. Sometimes, conversations start on text and move to WhatsApp.
Trading standards officers say these messages can be very convincing and plausible.
Always remain vigilant when using online platforms to talk to family or friends.
If you're not sure that someone is who they say they are, the best way to check is to call them using a phone number you know to be genuine. By speaking to them verbally, you'll know it's their voice.
If you receive a message out of the blue, remember:
Never share one-time passcodes used to check your identity.
Take extra care at this time of year to guard against romance scams.
Fraudsters are known to target victims by setting up fake profiles on dating websites, apps and social media.
Beware of criminals looking to exploit your emotions with romance scams. They’ll make you feel loved, build trust, then start asking for money.
They might tell you:
They might also ask you to help fund an investment opportunity.
Never send money to someone you've only met online.
If you think you've fallen for a romance scam, you can call us using the number on the back of your credit or debit card and report it to Action Fraud.
Can you spot the tell-tale signs? Download the HSBC Fraud and Cyber Awareness app and try our romance scams quiz.
Fraudsters use key times in the tax year as an opportunity to make 'social engineering' attacks.
These can be:
A favourite time for these attacks is the HMRC deadline for self-assessment tax returns on 31 January.
You should also watch out also for messages pretending to be from HMRC as the end of the tax year approaches. These might claim you've received a tax rebate and ask for your account details.
To spot a scam, look for these tell-tale signs: