Fraudsters are constantly coming up with new ways of scamming customers. They may impersonate us and ask you to transfer money for services or share your banking credentials to avoid service disruptions. Here are some important tips to protect yourself from impersonation scams.
We'll never:
- Ask you to transfer money to a bank account
- Send you an email or SMS message with a link requesting you to transfer money to a bank account
- Send you an email or SMS message with a link for entering your online banking username and password, or any personal information, including your card number or OTP for any banking services
If you receive an email or SMS message with a link attached, check the sender and don't click on any links unless you're sure of their purposes. If possible, check the URLs of the links. Our official pages always have URLs containing our domain name 'hsbc.com' or 'hsbc.com.vn'. If a link URL does not have one of our domain names, don't click on it. You should forward the suspicious emails or SMS messages to phishing@hsbc.com, then delete them on your device.
Commonly seen scams
Phishing SMS messages claiming to be from HSBC
Scammers use specialised software to impersonate us and send messages that may appear under your older HSBC messages. These messages are sent randomly to both HSBC and non-HSBC customers. They may include a link for the customers to review or redeem reward points, claim an offer or fix an issue. The link can lead customers to a phishing site asking customers to enter their account names, passwords or OTPs for redeeming gifts or fixing issues. These messages might appear to be genuinely from HSBC and get grouped together with other HSBC messages. We'll never send links through emails or SMS messages asking for your card numbers, card PINs or OTPs.
Fraudsters claiming to be from banks or banks’ vendors
Scammers may call or send you emails or SMS messages, requesting payments for card or account services (eg card delivery fees). They may ask you to click on a link for further instructions.
How to stay safe
Don't share your online banking passwords, PINs, OTPs or card CVVs with anyone. This includes bank staff members and anyone who claims to be a vendor of the bank. We'll never ask for passwords, PINs or security codes through emails, SMS messages or phone calls.
Don't rush to act. Fraudsters rely on urgency. Take your time to question unusual requests. Always verify the information before responding.
Don't click on links or scan QR codes in unverified emails, SMS messages or social media messages.
Don't install apps from untrusted sources or apps that require high-level permission on your device.
What should you do?
Be cautious if an offer seems too good to be true, then verify the offer directly with HSBC via the official channels provided on our website.
Stop and think before making payment transfers or online card transactions.1
Report any suspected scams or unusual account activities to us following the instructions on our report fraud section and the police.