Common Scams & Preventive tips

In the government Official Impersonal scam variant, the victim would first receive an unsolicited call from a scammer impersonating a bank officer. The scammer would then ask the victim to verify banking transactions that the victim had allegedly conducted via their bank accounts.

When the victim denies knowledge of such transactions, the scammer would transfer the call to a second scammer who would pose as a government official. The second scammer would accuse the victim of being involved in criminal activities such as money laundering and ask the victim to transfer monies to specified bank accounts under the pretext of assisting in investigations. The scammers would assure the victims that the accounts were ‘safety accounts’ designated by the government. In some cases, the victim is transferred to a third scammer for ‘further investigations’ and asked to transfer more monies to specified bank accounts.

Victims would only realize that they had been scammed when the scammers become uncontactable or when they subsequently verify the situation with the banks or authorities through official channels.

If you suspect that you have been scammed, immediately file a police report and call our dedicated 24/7 Hotline at +65 6-HSBC NOW (6-4722 669). Press ‘*’ to report a case or ‘1’ to activate our emergency self-service Kill Switch feature, which will disable access to your HSBC accounts and Personal Internet Banking.

• You’re approached by phone, email, text message or by someone calling at your house with an investment opportunity
• The ‘company’ contacting you won’t allow you to call back
• You feel pressured into making a quick decision, for example if the caller states the offer is ‘only available right now’ or ‘don’t miss out’
• The only contact you’re given is a mobile phone number
• It seems too good to be true – high returns for a low risk

Keep yourself safe on E-commerce platforms and watch out for an increase in phishing scams involving fake buyers.

These scammers can be found posing as potential buyers who will request for your contact details, seemingly to facilitate payment or make delivery arrangements. Depending on the details provided, you might receive an email, SMS, or Whatsapp message from the scammer with links or QR codes to spoofed websites that ask you to key in your banking credentials and OTPs to move forward with the sale. The scammers would then proceed to use your personal information provided to carry out unauthorized transactions from your bank accounts.

At HSBC, we take Online Security very seriously and we want to protect our customers as much as possible. That's why we are providing you with this important advice. While we have equipped HSBC Online Banking with industry standard security technology and practices to ensure that our customers are protected against fraud, you play an important part in protecting your account and transactions too.

Phishing – Criminals might also send you emails that look like they're from HSBC or other organisations you know well, to try to coax you into giving them your personal data. The links or QR codes embedded in these phishing emails will usually take you to a fake website that looks convincingly like the organization’s real site, where you'll be asked to enter your personal information, credentials or security code.

Here are a few things to remember to avoid being phished:

• check for spelling errors
  
• make sure the sender's email address matches the company they claim to represent; avoid anything that seems long and complex
• if you followed an email link to the company's home page, look for the padlock symbol at the side of the address bar to know it's secure
• if an email or website somehow feels different from the regular ones you know from the organisation, err on the side of caution and don't click any links or download any of the attachments

Vishing - This is the telephone equivalent of phishing, which is an increasingly common form of phone fraud, with seemingly legitimate-looking phone numbers.  A fraudster will call you and try to trick you into giving your private information. Be wary of anyone who calls you asking you to disclose information. If in doubt, always end the call and call us back. Anyone legitimately calling from HSBC will not be upset if you say you say you prefer to call us directly. 

The below variants are also observed via Vishing:

• Lottery scam - The caller tells you that you have won a lottery or lucky draw and you need to pay a processing fee to collect the winnings
• Kidnap scam - The caller tells you they've kidnapped a loved one and demands a ransom for their release
• Impersonation Scam – The caller claims to be from the court or police (or other government agencies) and tells you that you need to pay a fine or informs you that you are a suspect in illegal activities
• Loan Scam - The caller claims to be a staff from a licensed moneylender and tells you to transfer money as a deposit before the loan can be disbursed
• Money Mule Scam – The caller tells you to open a bank account to receive or transfer money after gaining your trust, sometimes even offering you a portion of the money transferred as ‘commission’

Smishing – SMS phishing is when you get a text message aimed at getting you to reveal your personal details. With so many of us always on our mobile phones, smishing can present a risk if we're not vigilant about checking links we get through text messaging platforms like WhatsApp.

In general, avoid replying to text messages from people you don’t know or numbers you don’t recognise and don’t click on links you get on your phone unless you know the person they’re coming from.

• For safe and secured online banking, only access websites starting with hsbc.com.sg, or enter the URL in the browser address bar directly
• Do not respond to any actions required from an unsolicited email
• Be aware that HSBC will never ask customers for such confidential banking data in their emails
• Do not respond to any emails that request such information or click on an embedded hyperlink
• Update your anti-virus software and use email client with two-factor authentication
• At logon, do not enter any numbers generated from the internet into your Digital Secure Key/Security Device. HSBC will never provide you with any numbers or beneficiary-related information onscreen to input into your Digital Secure Key/Security Device to generate a security code

Fraudsters use fake emails and websites to get you to unknowingly give away your passwords or bank details. Look out for these warning signs to spot them.

• Poor design, typos or bad grammar
• The sender's email address doesn't match the name of the company domain it's meant to be coming from
• Asking you to do something unusual
• Asking for personal information
• An email link that says it's going somewhere that it isn't (tip: hover over a link in an email to see its real destination)
• A website that doesn't display the padlock symbol in their address bar when you log in

• Don't download any free software on your computer unless you're certain it's safe
• Use anti-virus software, and make sure it's up-to-date
• Change your passwords regularly
• Don't respond to unsolicited emails requesting information, and don't follow any links in them either
• Make sure you're on a secure website before submitting banking or other sensitive information. Secure websites begin with 'https://' instead of 'http://'. They'll also contain a padlock icon on the address bar

To report phishing websites, smishing texts or suspicious emails which have requested personal banking information contact us via phishing@hsbc.com. We’ll send you an automatic response to let you know we've received your email but are unable to provide personalised responses to this mailbox.

Met a new partner or friend online? Are they unable to meet in person? If they ask you to send them money, it could be a fraudster using a fake identity to scam you.

Scammers set up fake profiles on dating sites or social media, and build ‘relationships’ with victims who think they’re talking to a real person. They build trust, often over months of chatting and even phone calls. There’s usually a believable reason they can’t meet in person then they play on your emotions to trick you into sending them money.

A scammer you’ve only met online might ask you for money and say things like:

• They are abroad and need money for travel to visit you
• They have a sick relative who needs medical care
• They have a business problem and need a loan to tide them over
• They’re waiting for an inheritance but need funds to access their money

• Never send money to someone you haven’t met in person. They might not be who they say they are
• Be wary of new contacts or friend requests
• Don’t share financial details
• Check in with family or friends you know in person for a second opinion

Malware, or malicious software, is any program or file that infiltrates and causes damage to the device, server, user or network. Malware can take the forms of mobile devices or computer viruses and spyware.

Such malware is capable of obtaining a customer's internet banking credentials (Username, Password and Security Code) once it resides in the device that is used to access the Online Banking services.

You may experience the following if you have accessed your internet banking from an infected computer:

• See a screen with a 'Please wait....' message
• Prompted repeatedly to enter your username, password or security code
• "Slowness" in your computer while accessing internet banking
• Prompted to input the number provided onscreen into your Digital Secure Key/Security Device to generate a Security Code
• Irregularities during your internet banking session (e.g. banking website redirecting to 3rd party website offering hotline number, altered login flow and unsolicited requests for tokens)