How do fraudsters operate?
Fraudsters exploit human nature - behaviours that come naturally to us. Key to this is the manipulation of trust - gaining a target's trust and getting them to disclose information that should be kept secure.
Common fraud methods
Phishing involves fraudsters sending an unsolicited e-mail that appears to be from your bank or an online retailer requesting you to update your personal and financial information such as date of birth, online login information, account details, credit card numbers, PINs etc.
The e-mail may contain a link that takes you to a website that looks identical (or very similar) to the organisation's genuine site. Fraudsters can then capture personal data like passwords as you type it in or download malware onto your computer.
Smishing (SMS Phishing)
Smishing involves text messages sent by fraudsters that look like they have come from your bank to trick you into giving over your personal and financial information (by calling a number or clicking a link). Fraudsters also use 'text spoofing' to deliberately falsify the telephone number to appear as 'HSBC' to seem like a genuine bank sms.
Fraudsters call out of the blue claiming that a fraud has already happened, or may be imminent. They may already have some information about you, and may pose as bank staff, the police and other officials or companies in a position of trust. The fraudster will then try to persuade you to:
- transfer money to another account for 'safekeeping' or 'holding'
- withdraw cash and hand it over 'for investigation'
- divulge private information, which can then be used to gain access to your finances
SIM Swap Fraud is when a fraudster duplicates the SIM of your mobile number without your knowledge or authorization. This allows the fraudster to receive all your calls and text messages, obtain personal details and then conduct financial transactions with your bank.
Redirection of Funds
Redirection of Funds is when an individual receives a payment request via email that appears genuine but is in fact fraudulent.
Be vigilant - warning signs to look out for
- be wary of unsolicited approaches by phone, especially if you are asked to provide personal information
- beware of unsolicited e-mails or SMS messages asking you to update or verify your personal details, Personal Internet Banking login or security details such as Secure Key passwords/values or Credit Card Debit Card PINs. HSBC will never request this type of information
- beware of instructions to reply, complete a form or document attached to the email or click, through to a website in order to verify your account
- links within emails or SMS from HSBC will never take you directly to our login page and will always take you to information pages
How to protect yourself
- don't open attachments or click on links if you suspect they may not be genuine
- never share your security details such as PIN or passwords with anyone
- install anti-virus software and keep it up-to-date to protect you against viruses such a malware, trojans, spyware and adware
- keep your browser up-to-date as modern browser software adds protection against fake websites
- keep your software up-to-date as it's harder for viruses to infect updated software