Online Threat Alerts (OTA) - Alerting you to scams and frauds.

HSBC Email Scams - How to Protect Yourself
HSBC Email Scams - How to Protect Yourself

If you receive a suspicious email claiming to be from HSBC, do not click any links, open attachments, or reply, as it is a phishing scam designed to steal your banking credentials and personal data. You should immediately forward the email to phishing@hsbc.com and delete it from your device.

Types of HSBC Email Scams

  • E-Payment Advice: Deceptive emails claiming an electronic payment advice has been issued, forcing you to open an HTML attachment or link that steals login credentials.
  • Account Activity Alerts: Urgent warnings that your account has been suspended or compromised, directing you to fake sign-in pages to "verify" your details.
  • Fake Investment Brochures: High-return opportunities sent via email using fake employee signatures and real photos to trick you into transferring funds.
  • Software Updates: Fraudulent notifications prompting you to download security software (like fake "Rapport" software) that actually installs identity-stealing malware.

How to Spot Fake Emails

  • Check the True Sender: Hover over or click the sender's name to reveal the actual email address, looking for subtle misspellings (e.g., rn instead of m).
  • Look for High Pressure: Scammers use intense, urgent language to scare you into acting before you can think critically.
  • Inspect the Links: Hover your cursor over links without clicking to see the destination URL. If it does not match the official domain (like HSBC UK or HSBC USA), it is fake.
  • Strict Rule on Credentials: Remember that HSBC will never ask for your password, full PIN, one-time passcode (OTP), or digital token codes via email.

Steps to Take if Targeted

  1. Do Not Interact: Refrain from clicking any links, entering information, or downloading files.
  2. Report the Email: Send the suspicious message directly to phishing@hsbc.com.
  3. Delete Permanently: Remove the email from your inbox and completely empty your trash folder.
  4. Contact the Bank: If you accidentally shared details or clicked a link, log into your banking app via a trusted bookmark or call the number on the back of your card immediately.
waiting