Fraud and security center

If you receive a suspicious-looking email/ SMS purporting to be from HSBC, please do not click on any links or do not reply; forward it to phishing@hsbc.com, delete it and empty your deleted items.

If you are unsure of the validity of any request purporting to be from the bank, suspicious of information leak or other enquiries, please contact:

• Personal Banking customers:
  (84 28) 37 247 247 (the South) or (84 24) 62 707 707 (the North)
  Operating 24/7 for lost or stolen Card or token, dispute transactions or Card related complaints
  Operating from 8:00 A.M. to 10:00 P.M. daily for other matters.
• Platinum Cash Back, HSBC Live+ and TravelOne Credit Card holders:
  (84 28) 37 247 248 Operating 24/7
• Premier customers:
  Please contact your Relationship Manager or call (84 28) 37 247 666 Operating 24/7

Fraudsters are constantly coming up with new ways of scamming customers. They may impersonate us and ask you to transfer money for services or share your banking credentials to avoid service disruptions. Here are some important tips to protect yourself from impersonation scams.

We'll never:

• Ask you to transfer money to a bank account
• Send you an email or SMS message with a link requesting you to transfer money to a bank account
• Send you an email or SMS message with a link for entering your online banking username and password, or any personal information, including your card number or OTP for any banking services

If you receive an email or SMS message with a link attached, check the sender and don't click on any links unless you're sure of their purposes. If possible, check the URLs of the links. Our official pages always have URLs containing our domain name 'hsbc.com' or 'hsbc.com.vn'. If a link URL does not have one of our domain names, don't click on it. You should forward the suspicious emails or SMS messages to phishing@hsbc.com, then delete them on your device.
 

Commonly seen scams
 

Phishing SMS messages claiming to be from HSBC

Scammers use specialised software to impersonate us and send messages that may appear under your older HSBC messages. These messages are sent randomly to both HSBC and non-HSBC customers. They may include a link for the customers to review or redeem reward points, claim an offer or fix an issue. The link can lead customers to a phishing site asking customers to enter their account names, passwords or OTPs for redeeming gifts or fixing issues. These messages might appear to be genuinely from HSBC and get grouped together with other HSBC messages. We'll never send links through emails or SMS messages asking for your card numbers, card PINs or OTPs.
 

Fraudsters claiming to be from banks or banks’ vendors

Scammers may call or send you emails or SMS messages, requesting payments for card or account services (eg card delivery fees). They may ask you to click on a link for further instructions.
 

How to stay safe

Don't share your online banking passwords, PINs, OTPs or card CVVs with anyone. This includes bank staff members and anyone who claims to be a vendor of the bank. We'll never ask for passwords, PINs or security codes through emails, SMS messages or phone calls.

Don't rush to act. Fraudsters rely on urgency. Take your time to question unusual requests. Always verify the information before responding.

Don't click on links or scan QR codes in unverified emails, SMS messages or social media messages.

Don't install apps from untrusted sources or apps that require high-level permission on your device.
 

What should you do? 

Be cautious if an offer seems too good to be true, then verify the offer directly with HSBC via the official channels provided on our website.

Stop and think before making payment transfers or online card transactions.¹

Report any suspected scams or unusual account activities to us following the instructions on our report fraud section and the police.

Fraudsters call or send you a text pretending to be your bank or another trusted organization. They may tell you that there has been fraud in your account and ask you to share or update personal details.

Emails are sent by fraudsters to encourage you to share personal details or to click on fake links containing malwares. These links may lead you to fake maps and updated figures of COVID-19 spread, or the fraudsters may pretend to be a doctor from the World Health Organisation (WHO).

Once the fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money from the compromised accounts. In order to cover their tracks, however, they recruit unsuspecting individuals to act as go betweens by placing a variety of tempting job adverts on the Internet promising the chance to earn money quickly without expending much effort. These recruits are known as mules.

The bank accounts of the mules will be used to accept transfers of money from the compromised accounts. The mules will be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the phishing mules, which can be followed by the authorities.

Be very careful about job offers which involve the acceptance and release of funds to a bank account in return for commission. Mules recruited by phishing fraudsters are money laundering and are likely to face criminal prosecution.

• Won't show the padlock symbol in the address bar when you log on.
•  Are poorly designed, with typos or bad spelling and grammar.
• Have a different look and feel than the company's regular website.

• Carefully review the SMS even if it comes from the Brand Name Bank. HSBC will not ask or request your personal information, OTP, or Login to your account via SMS or Email.
• Do not rush to take immediate action or follow instructions in the message.
• Check the link before signing in. You can only access HSBC internet banking via https://www.hsbc.com.vn/security/
• Always type www.hsbc.com.vn directly into the browser’s address bar.
• Do not access your internet banking account directly through hyperlinks embedded in e-mails.
• Contact Bank’s hotlines to check if it’s genuine in case you are unsure.
• Feedback to Bank or local authorities for appropriate action(s).

• Never respond to email messages that request personal or financial information and never click on a link in such an email.
• HSBC will never ask for your logon details and personal information for internet banking, phonebanking or ATM services. These include your Username, Password, PIN, security code, account number, identification/ passport number, address, phone number, etc.
• Do not speak out the Password, PIN or security code during the call, as no call centre representative will ever ask for this over the phone. If you have forgotten your Password or PIN, a few questions relating to your personal information, NOT your Passwords or PIN, will be asked for authentication.
• Log on directly from your browser. This will avoid you from being sent to a false site. Remember: No email from HSBC will contain a hyperlink to our logon page.
• Contact us if have any concerns or misgivings about something purporting to be from our Bank.

It is a computer software program that gathers information about a computer user, in most cases without the user's knowledge or informed consent. It then transmits the collected information to a third party who can potentially manipulate the information.

Such software program may claim to be able to speed up your internet connections but in fact redirects your internet session through their own servers.

This means that Spyware has the ability to gain access to your passwords, PINs, credit card numbers and other personal transactional details. Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this anti-virus software is not effective in identifying and removing spyware. In order to find out if spyware is present on your PC, it is necessary to download and run specific anti spyware programs.

Examples of anti-spyware security software products available at present are eTrustTM PestPatrol@, Anti-Spyware, McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable product to protect against the possible security threats of spyware on your PC.

• Do not download any freeware onto the computer that you access internet banking with.
• Your anti-virus software should be updated on a regular basis with the latest virus definition files.
• Run an anti-virus software program and/or anti-spyware software before you download other programs or open e-mails.
• If you think that you have installed such software in your PC, you may wish to seek professional IT advise on steps to be taken to uninstall the software from your PC.

• Install anti-virus software, a personal firewall and security patches
• Always run an anti-virus software program before you download other programs or open emails
• Update your anti-virus software

Anything you type on a computer can be captured and stored. This can be done using a hardware device attached to your computer or by software running almost invisibly on the machine. Keystroke logging is often used by fraudsters to capture personal details including passwords. Some recent viruses are even capable of installing such software without the user's knowledge.

These messages seek to exploit customers by telling you that there has been fraudulent or abnormal activities in your account and ask you to access the provided fake links containing malwares to obtain sensitive information such as username, passwords or accounts / credit card details.

Criminals are in it for the money.

There are many ways for them to make money online. They may: 

• Steal your passwords and bank details with viruses, fake e-mails and fake websites
• Ask you to provide security details
• Send spam with bogus offers and products
• Take over your computer and use it to attack other people's computers
• Use viruses to display unwanted adverts on your PC

We take your internet banking security and privacy very seriously. Protecting yourself and your money takes a bit of know-how and the right software.

Instead, contact the company directly using an email or phone number that you can check is genuine.

If it's too good to be true, it probably is.

When it comes to protecting yourself and your money on the internet be wary of ridiculous deals. Criminals may contact you by e-mail, through websites you use, via SMS or even by phone. It pays to be on your guard because they can be quite convincing.

Here are some warning signs: 

• Big promises. “You have won the lottery”
• Big threats. “Your account has been hacked”
• A false sense of urgency. “Act now or it'll be too late”
• Unnecessary secrecy. “Don't tell anyone”
• “Business opportunities” that involve holding or receiving money from strangers

There is no reason for them to contact you. If an attachment looks suspicious, don't open it. Don't install software unless it comes from a website you trust. If it doesn't feel right, take your time.

If you suspect that there is a problem with your personal or business internet banking, you can always talk to us first.

Change your passwords regularly. Avoid passwords that can be easily guessed and don’t use the same password for your online banking and any other websites.

Tell us of any changes in your personal details (e.g. address change, mobile phone change, email change).

Double-check privacy settings on social networking sites.

What's your mother's maiden name? What's the name of the first school you went to? What was your favourite subject at school? What's your address? Birthday? Phone number?

All this information is useful to people who want to steal your identity or break into your personal internet banking. You wouldn't give this information away to a stranger in the street but if you use social networking sites, such as Facebook, Twitter or MySpace, you could be over-sharing personal data.

You may want to think carefully about the information you put into your profiles on sites like this. It is also a good idea that you check the privacy settings on each site that you use, to make sure you only share personal information with people you trust.

Keep your account details and any parts of Card information (especially CVV and card number) secure, i.e. do not openly disclose them.

Never write down your security credentials or reveal them to anyone.

Please also remember that you must take all reasonable precautions to keep your details safe and prevent any unauthorized use of any cards and security details. If any information forms part of your security details, you should make sure that you do not disclose it to anyone else – see the terms and conditions that apply to your account(s) for more detail.

Keep your paper records safe. Store your bank documents in a safe place. Always shred them when they are no longer required.

If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it in two through the account number and the magnetic strip.

We use industry-standard security technology and practices to safeguard your account from any unauthorised access.

When you log in to internet banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// and a padlock symbol appears at the top of the page as part of the address bar.

Encryption Secure Sockets Layer (SSL) encryption technology is used within your Internet Banking session to encrypt (code) your personal information before it leaves your computer in order to ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. At HSBC, we use 256-bit SSL Encryption, which is accepted as the industry standard level. Any email service within Internet Banking is similarly protected with encryption technology (unlike your regular email which is usually not secured).

If you forget to log-off after banking online, or your computer remains inactive for a period of time during a session, our system will automatically log you off. Pages viewed during a secure session are not recorded in your PC's temporary files.

For obvious reasons we cannot disclose all of them, but the following are typically used: All our operating systems are updated with the latest security patches, Our anti-virus software is kept updated , We use firewalls to prevent unauthorized intrusion.

The Secure Key or Security Device is a two-factor authentication will help protect you from internet banking fraud. It is designed to make sure only you can access your personal information. Devices like these are commonly being used for secure transactions all round the world. With this technology you can enjoy far more secure online banking services and it's one of the smallest and simplest to use. Two-factor authentication means you not only need a password or PIN, but you also need a device unique to you.

Online access to your account is only possible once you have authenticated yourself using the correct Internet Banking ID and security details. For this reason, it is vital that you do not share your password and do not use the same password for other services (e.g., Yahoo, Hotmail, etc.)

After 3 incorrect attempts to logon, we disable online access to your account. To re-activate your account, you should contact our Contact centers described above.

Fraud Detection Team may contact you for activities or transaction confirmation performed by you. Below are the phone numbers that Fraud team may use to contact you:

(84 28) 35 206 406

(84 28) 35 449 165

(84 28) 35 206 500

(84 28) 35 206 030

(84 28) 35 206 189

(84 28) 62 888 281

(84 28) 35 206 213

You can contact our Fraud Detection Team anytime at (8428) 3544 9009 (direct call) or call our Contact Center (8428) 37 247 247 and request to transfer the line to us.

HSBC commits to provide quality services to our customers. We have recently completed our regular maintenance and safety checks on all our ATMs country/  territory wide (including electrical checks). All HSBC ATMs are in good condition and safe for customers' use.