Top of main content

Protection from Fraud & Identity Theft

HSBC works hard year round to protect your personal information. We stay vigilant, identifying threats and investigating suspicious activity across all your accounts.

If we identify that your information has been compromised, we act promptly. We’ll contact you directly and take the necessary steps to help safeguard your banking information.

Table of Contents

Protection from Fraud, Scams and Identity Theft

The best way to defend yourself against identity theft and fraudulent scams is to protect your personal information, safe guard your electronic access devices and know how to identify scams.  Below are recommendations on simple actions you can take to help protect you, your family and your finances.   

Take steps to protect your information

Chances are your computer/tablet and mobile device (devices) contains a goldmine of personal and financial information. Make sure you're taking the necessary precautions to protect them.

We offer a number of safeguards to protect your account information, including Voice ID, which allows you to access your accounts over the phone using your voice, and Touch/Face ID, which allows you to access your accounts through our mobile app using your fingerprint or face.

You can sign up for email and text alerts to help manage your card activity. Get an alert any time a transaction is made over a certain dollar amount, if you are approaching your credit limit, or if there is a name or address change on the account.  

Our mobile app provides the personalization, security and flexibility that enhances your banking experience while providing an extra layer of security to help protect your identity.

Protect your identity and enhance your safety and security by reviewing the recommendations below.

Protect yourself from social engineering

Social engineering works by gaining someone’s trust and getting them to disclose information that should be kept secure.

Scammers usually contact people by phone (vishing), text (smishing) or email (phishing). They’ll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even law enforcement. Having gained the person’s trust, they’ll then ask for sensitive information or things which will enable them access to the person’s bank accounts.

There are things your bank would never ask for, such as:

  • Your 4-digit PIN
  • Online Banking codes like your secure key or password

Your bank/law enforcement would also never ask to:

  • Confirm a transaction you didn’t complete is “authorized”
  • Share your passwords
  • Send money or purchase gift cards
  • Transfer funds to a different account for 'safekeeping'
  • Collect your credit or debit cards, check books or cash

 

Use Caution when asked for a one-time passcodes (OTP)

Beware of fraudsters trying to steal your money using a OTP scam. A OTP is a string of random numbers, that you use for a single transaction or log on session.

Fraudsters might ask you to share these codes by pretending to be someone you trust like your bank or government agency. 

  • If this happens, hang up, and call the organization on a trusted number (back of your card or bank statement).

Fraudsters may call you, from numbers which may seem genuine and show a trusted name, but the call isn’t from the legitimate organization. This is known as number spoofing.

 

Passcode Scams

Fraudsters will ask you to share a one-time passcode which will allow them to impersonate you and try to steal money from your account.

They may claim that:

  • you need to share a code using your security device to stop a payment debiting your bank account
  • you need to share a code received in an unexpected text or email to prevent a suspicious transaction
  • you need to confirm that you made a transaction on your account. However, you didn’t originate the transaction. In reality they will use these codes to validate their fraudulent activity.

If you suspect a scam, please call us using the number on the back of your card or bank statement.

Vishing

Fraudsters call out of the blue and may claim to be your bank (verifying a suspicious transaction), law enforcement (your arrest is imminent), a family member in distress, or another trusted organization like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, account activity, address and even some personal details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'. The caller will then try to persuade you to take action, for example:

  • Transfer money to another account for 'safekeeping' or 'holding'
  • Withdraw cash and hand it over 'for investigation'
  • Send money or purchase gift cards
  • Give private information, which can then be used to gain access to your finances

Phishing

Be wary of unsolicited emails that appear to be from your bank or another trusted organization (government agencies, IRS, Social Security Administration, etc.) and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate source and often warn that your account may be shut down unless you take some action or they may say you’re owed money. They will stress the urgency for you to comply with their request.

If you receive one of these emails, don’t reply or click on a link, or open the attachments if you’re not sure they are genuine. Instead, contact the company using a phone number you know is genuine.

Phishing emails typically:

  • Warn you of some sudden change in an account, which means you have to confirm you still use the service.
  • Sometimes have poor spelling, grammar, generic greetings.
  • Ask for confidential or security information such as your Online Banking details, passwords, account numbers or PINs.
  • Include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account.
  • Include links that don’t match the URL of the legitimate site. The URL may not be a direct match for the valid site (i.e., you see www.hbsc.com or www.hsb.com instead of us.hsbc.com). The URL may also contain numbers such as an IP address or an "@" symbol.

If you’re suspicious of an email claiming to be from HSBC, forward it to phishing@hsbc.com

  • We’ll send you an automatic response to let you know we’ve received your email but are unable to provide personalized responses from this mailbox. 
  • Please ensure you copy the full email, smishing text or website address (URL) into the body of the email. 
  • Please do not send any personal customer verification details within the email. 
  • Kindly note emails will be processed by a third party on behalf of HSBC Global Services (UK) Limited and by HSBC Group companies.             
  • Additionally, you can also report the phishing attempt to the Federal Trade Commission (FTC) or to the Federal Bureau of Investigation Internet Crime Complaint Center (Ic3).

We also recommend you delete the email and empty your deleted files.

If you feel you entered a phishing site and/or shared your information:

  • Run a virus and spyware scan on your devices, and
  • Contact your financial institution immediately using a trusted phone number, change your passwords, and consider putting a block on your credit report.

Additional ways to protect yourself from Phishing:

  • Never provide your personal information to unverified sites.
  • Use trusted websites that you enter directly into your web browser or verified bookmarks. 
  • Back up your device(s) so that if you are attacked by a ransomware you have a copy of your personal/financial data.

Tip: If HSBC sends an email to your personal email address, it will always include a personal or account identifier. Any links included will be to an HSBC website information page, not directly to a page that requires login credentials or personal information.

Reminder: No one at HSBC will ever ask you for your password.

Smishing (SMS/text phishing)

Another thing to watch out for is suspicious text messages that look like they have come from HSBC or another trusted organization. These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).

It's important to remember the following:

  • Banks and other organizations such as the police or service providers will never ask you for your full PIN, password or banking codes.
  • Fraudsters can mimic text headers so their messages can join a conversation beneath ones you know are genuine.
  • Don't withdraw cash and hand it over 'for investigation.'
  • Don't send money or purchase gift cards.
  • Don't give private information including passcodes, which can then be used to gain access to your finances.

 

If you’re suspicious of an SMS/text message claiming to be from HSBC, forward it to phishing@hsbc.com

  • We’ll send you an automatic response to let you know we’ve received your email but are unable to provide personalized responses to this mailbox. 
  • Please ensure you copy the full email, smishing text or website address (URL) into the body of the email. 
  • Please do not send any personal customer verification details within the email. 
  • Kindly note emails will be processed by a third party on behalf of HSBC Global Services (UK) Limited and by HSBC Group companies.

If you feel you entered a phishing site and/or shared your information

  • Run a virus and spyware scan on your devices.
  • Contact your financial institution immediately using a trusted phone number, change your passwords, and consider putting a block on your credit report.

Additional ways to protect yourself from Smishing

  • Never share your security details or information.
  • Block people you don't want to know, especially complete strangers. Adjust your message settings so only people on your contact list can message you.
  • Don't reply to strangers, especially if their messages are rude or annoying. It could be a predator.
  • Don't click on unsolicited links or attachments. They could contain a virus or spyware.
  • Don't create a profile that includes personal information. It can open you up to harassment and attract predators.

Tip: Reply with a simple Yes or No to HSBC Fraud Alerts, we don’t require any personal/account information.

Protect yourself in an ever increasing digital world

  • Use a newer operating system, set your browser to block pop-ups and increase the security settings.
  • Download security patches and updates. Turn on automatic updates so you have the latest fixes to problems as they arise. To check for patches and updates you should visit the publisher's website regularly, typically their 'Download' section. Generally, the latest versions of an operating system family (like Microsoft Windows) or browser (like Internet Explorer, Google Chrome, Safari, etc.) have the most up-to-date security features.
  • Disable "File and Printer Sharing" on your computer to prevent unauthorized access.
  • Turn your computer off when you're not using it. If you're not connected to the Internet, you can't be hacked or infected.

Create a strong password

• Avoid using the same password for multiple accounts/websites

• Use unique passwords with a combination of words, numbers, symbols and using both upper- and lower-case letters

• Use a phrase known to you and pick the first letter of each word and then unique numbers and symbols

• When selecting passwords use a combination of words that have a meaning to you but appear random to others

• Avoid easily guessed passwords, such as “password” or “user”, special dates, phone number, or family/pets names

• Don’t recycle passwords for example BlueDog1, BlueDog2, BlueDog3 

• Don't use ascending or descending number patterns for example 1234 or 4321

• Don’t store your list of passwords on your computer or write them down

• If you must store them, ensure they’re encrypted in a way that is indecipherable to others

Secure your wireless network

A wireless network allows you to connect your computer to the Internet without having to use a cable. It typically contains a wireless router, which uses radio signals to transfer data to computers within the network. Some wireless routers are pre-set with very insecure settings to help users connect to them for the first time – but this also means that other people could access your Internet account quite easily. For this reason, you should always consult your manual or online guide to find out how to connect more securely through your wireless network – usually by creating a strong password.

HSBC recommends using selected web browser versions with HSBC Internet Banking.

Setting Up Your Mobile Device

  • Ensure your software is up to date. Check the manufacturer's website (or search Google) to see if a software update is available. If there's a new one, download it.
  • Follow strong passwords recommendations.
  • Paying to access a Wi-Fi network doesn't mean it's secure. Access fees do not equal security.
  • Use a Virtual Private Network (VPN). This provides secure access to an organization's network and allows you to get on line behind a secure layer that protects your information.
  • Turn off cookies and auto fill. This can be a privacy threat.
  • Be selective about the applications you are downloading.

Adding Security Software

  • Maintain a current SPAM filter, anti-virus software and firewall to help identify and block suspicious emails. Anti-virus and anti-spy software protects you, your privacy and your money.
  • If your operating system has a built-in firewall, enable it. Or install a third-party firewall to block hackers.
  • Follow strong passwords recommendations.
  • Use encryption software to protect data stored on your devices.

Internet Safety Tips

Cyber criminals are using more sophisticated methods to steal your information. They will use data available on the “dark web” typically received through data breaches, as well as attempt to have you provide them the data directly by taking advantage of your Internet behavior.

If you've followed our guidelines for securing your devices, you've already made it harder for someone to steal your identity. But all the safeguards in the world won't help you if you provide your personal information to Cyber Criminals. 

Improve Your Online Safety

  • Don’t share your personal or financial information online. 
  • Set social media accounts to private (when possible) and limit the information shared, cyber criminals use that data to answer security questions or target you for Identity theft.
    • Monitor for Cryptojacking.
  • Know who you are doing business with.
    • Access online banking sites by typing the URL directly into the address bar. 
    • Review the website's privacy policy to learn how your information will be used and protected. 
  • Don’t allow third parties to take control of your device unless you have contacted a trusted source. Be cautious of any phone call you receive asking you to share your device information or access.
  • Be aware of pop-ups as they may indicate you have malware on your computer.
  • Only use trusted Wi-Fi networks or service providers and enable security protection such as Wi-Fi Protected Access (WPA), if possible.
    • When using public Wi-Fi, do not enter account numbers, passwords, or any other personal details.
  • Follow Strong Password recommendations.
  • Never share passwords, login credentials, or any information that can be used to authenticate your identity.
  • Change Passwords if you believe they have been compromised (replied to an unsolicited email or text, data breach at a company you use) and regularly (at least every 90 days) as a safety measure.
  • Always change the default password on all devices, operational systems, etc. to a strong password.
  • When completing challenge questions, select questions only you know the answer to and questions that the answer can’t be located on social media or a website.
  • HSBC will never ask for your device passwords.

 

Guidelines for Safe Web Browsing

  • Don't click on pop-ups. Better yet, set your browser to block them.
  • Don't give out personal information to blogs, forums and other social networking sites.
  • When shopping online, use secure sites that encrypt your credit card information.
  • Be suspicious of odd error messages. Don't click on them or respond to them.
  • Scan your computer to remove any virus or spyware.
  • Scan your computer files regularly, once a week at a minimum.

ATM & Mail Safety Tips

To open new accounts in your name, thieves don't have to look any further than your mailbox. Pre-approved credit offers and outgoing bills may be all anyone needs to steal your identity. More sophisticated methods involve skimming or copying your card at an ATM. To reduce your risk of fraud, put our safety tips into action.

Precautions when using ATMs, gas station pumps, merchant terminals, etc.

  • Be aware of your surroundings, your personal safety is critical.
  • Use machines in well lighted areas that are preferably visible to business employees and under video surveillance. When possible conduct ATM transactions during the day. Most ATM crime happens at night.
  • Protect your PIN. Cover the keypad while you enter the number.
  • Don’t let your card out of your control.
  • Exercise caution if the machine has signs of tampering (i.e. skimming) such as;
    •Signs telling you to use a specific machine or to enter your password in multiple times or in a second device.
    •The key pad is loose, spongy or not attached properly.
    •Visible glue residue around the card slot or key pad.
    •Machine parts/colors don’t match what have been on the machine in the past.
    •Machine panels are not secure or they have signs of tampering or covered with unusual stickers.
    •Card readers don’t look like other readers at that location. They will match in most situations.
    •If in doubt look for safe alternatives.
  • Report anything suspicious or strange to merchant/financial institution or local law enforcement.

Guidelines for Protecting Your Mail

  • When possible utilize electronic statement delivery.
  • Collect incoming mail promptly. Don't leave your mail unattended overnight or on weekends.
  • Always use a locking mailbox, especially when your mail box is located in a communal area. Renting a post office box will also improve security.
  • Deposit outgoing mail (especially items containing checks) in official postal service collection boxes.
  • When mailing a check, monitor your statement closely to ensure it is presented for payment timely. If not call the payee to ensure receipt of the check and notify your financial institution if there is an issue.
  • Report missing mail timely to your local post office, and to your financial institution if it involves financial documents.
  • Shred unwanted documents containing personal information such as credit applications, convenience checks, bank statements, bills etc. using a cross shredder.
  • Have your mail held at the post office when you travel.

Know the signs of fraud

When logging on, a pop-up window appears stating the service is not available and to try later. A misspelled domain name in the address line. Lotteries that charge a fee to collect your winnings. Requests to pick up or send cash to a person overseas and they offer to share the money. All of these tricks and more have been used to take someone's money or identity. To avoid being conned, learn the telltale signs below.

Be suspicious of the following:

  • Automated messages with urgent requests to verify your account, and/or to fix a computer issue.
  • Being asked to send funds, share personal, financial or computer data. These requests are often the start of a scam.
  • Additional warning signs include:
    •Being asked to you use your bank account for an ACH or wire until they get their own account and you can keep some of the funds for the use of your account.
    •Being asked to negotiate a check and you are allowed to keep some of the funds for your trouble.
    •Funds appearing in your account that you were not expecting and then someone asks you to send them the funds. 
    •Requests for funds from people who you recently met on dating sites or other social media sites. Often they say they need the funds to pay for medical, travel, passports, business needs and they will repay you soon. 
    •Requests to send funds through mobile applications, mail cash, gift cards or any card that holds a monetary value.
    Promises of money. “You have won the lottery”, “You have a Tax Refund waiting”, ‘’Business/job opportunities’’ that involve receiving money for strangers.
    •Big threats. “Your account/computer has been hacked”, “Your going to be arrested”, “Your family member is hurt and needs medical care”.
    •Sense of urgency or secrecy . “Act now or it'll be too late”, “Don't tell anyone”, “You must do it NOW”.
    •Work-at-home schemes that require you to buy something or open a bank account to negotiate Payments/business checks. 
    •Donations to unregistered charities.  Most commonly occur after a national disaster or tragic event. 

Vishing Scam

This involves a fraudster making phone calls to an HSBC customer posing as bank staff, the fraud investigation team, police etc.. The call is made to obtain personal financial information, which often includes credit/debit card details (including PIN), One Time Passcodes (OTP), bank account details and/or personal information. This information is then used to gain access to your finances.

  • Voicemails asking you to call a number with an "809", "284", "876" or other international code. You'll end up with an expensive phone bill.
  • Calls that ask you to dial a two-digit code preceded or followed by the "#" or "*" key (for example, *79 or 72#) and then an 800 number. This is a call-forwarding scam.
  • Text message asking for urgent confirmation of personal or account information.

Remember:

  • If a deal or offer sounds too good to be true, it probably is.
  • Exercise caution anytime someone asks you to use your account, buy gift cards, or send funds transfers for them.
  • Just because the funds are available in your account doesn’t mean the deposited item can’t be returned and debited from your account.
  • Be wary of unsolicited calls. 
  • Never grant a stranger remote access to your computer or share your login credentials or password.
  • No one at HSBC will ever ask you for your password. 

Protect Yourself from Scams

Ways to Help Protect Yourself from Identify Theft and Fraudulent Scams:

  • Review your accounts frequently and notify the bank of any unusual activity. 
  • Contact the bank to report if you have lost/misplaced or had your card stolen or if you have become part of a fraud scam.
  • Notify your financial institution, utility companies etc. of any personal contact changes i.e. new cell phone, address, email, and employer.
  • If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it into small pieces to ensure it cannot be re-used.
  • Store all your personal documents securely. Keep personal documents to which you do not need regular access (birth certificates, social security card, passport, blank check supply, unused credit cards, insurance policies, share certificates) in a secure place.
  • Do not carry credit cards and personal documents unnecessarily – especially when you are traveling internationally.
  • Set up your accounts and personal internet banking for fraud alerts and respond timely to text alerts.
  • Set Up HSBC My Voice is My Password to access the HSBC call center.
  • Set up electronic statements delivery when possible.
  • Review your credit report annually.
  • Consider placing a fraud alert on your credit report and that of children.
  • Maintain your device security.
  • Shred all financial or personal papers that contain your personal information.

Ways to Protect Yourself as You Age

Here are some tips on making sound financial decisions as we age:

We have your back

If you believe you’ve been the subject of identity theft or that your online banking credentials have been compromised, call HSBC Security Center at 800.528.0694 immediately. Representatives are available to assist you 24 hours a day, 7 days a week.

  • Notify the credit bureaus. See Additional Resources tab below for important links. 
  • Change any login credentials or passwords that may have been shared/compromised.
  • Contact your local police department.
  • Report all internet crimes to IC3.gov.

Additional Resources

1 Data rate charges from your service provider may apply.  HSBC Bank USA, N.A. is not responsible for these charges.

Must be 18 years or older to enroll in Voice ID.

In order to view your accounts via the HSBC Mobile Banking App you need to be registered. App available for iPhone®, iPad®, and AndroidTM devices and must be downloaded from the App StoreSM or Google PlayTM

iPhone and iPad are trademarks of Apple Inc., registered in the U.S. and other countries.

Android and Google Play are trademarks of Google Inc.

App Store is a service mark of Apple Inc.

Deposit products offered in the U.S. by HSBC Bank USA, N.A. Member FDIC.

We're here to help you. Find the answers and while you're at it, tell us how we could do better.