In some cases, they may try to convince you to give them remote access to your computer and your online banking.
This is known as remote access takeover, or computer access takeover. If this happens, the criminal will be able to gain access to all your files, see what you’re typing and may even be able to turn on your webcam, or microphone, to spy on you.
With this type of scam, you may receive a call out of the blue from someone claiming to be your bank, an internet or utility company, or even the police.
They’ll try to convince you to give them remote access to your computer by saying they can help with something like a slow internet connection, or fixing a virus. You may also be asked to download software, visit a specific website or follow instructions which give them control.
The scammer may offer a refund for your inconvenience. They’ll then try to persuade you to log on to online banking to check you've received the money. The scammer will still have remote access, meaning they can see everything you’re typing – including your online banking log on details.
They may also ask you for a code sent by the bank (from your Secure Key for HSBC customers) so they can ‘process the refund’. By handing this information over, they’ll have everything they need to move any money from your account.
In some instances, the scammer may have moved money between your accounts so it looks like they’ve sent too much. They’ll then convince you to send it back to them. In reality it’ll be your own money you’re ‘returning’ to them.
HSBC UK, the police or utility companies will never ask you to do any of the above.
There are some steps you can take to help make sure your money is secure:
don’t give anyone you don’t know access to your computer
be careful how you share your personal information
if someone has remote access to your computer, don’t log on to your online banking or anything else which could allow them to gain access to any passwords, security information or log on details
don’t pass on security codes, Secure Key codes or one-time passcodes to anyone
keep your anti-virus software up to date
Read our page on the latest scams for more on how you can help protect yourself from fraud.
If you've given remote access to someone in this way, you should take these steps.
For laptops and desktop computers:
Immediately switch off, preferably at the power source.
Disconnect from the internet - for example, move out of range of your Wi-Fi router or unplug the internet cable.
For mobile phones:
Disable or switch off the 3G/4G/5G connectivity on your phone.
Move out of range of any Wi-Fi router.
A remote access connection will persist over any available internet connection, so simply restarting or rebooting won't be enough to block fraudsters. The only way to stop them being able to connect so you can regain full control is to follow these steps. Once you're back in control of your device, you must delete any remote access software that you’d installed.