Top of main content

Protection From Fraud & Identity Theft

Table of contents

   

Protection from Fraud, Scams and Identity Theft

The best way to defend yourself against identity theft and fraudulent scams is to protect your personal information, safe guard your electronic access devices and know how to identify scams.  Below are recommendations on simple actions you can take to help protect you, your family and your finances.   

Simple Steps to Secure Your Devices

Chances are your computer/tablet and mobile device (devices) contains a goldmine of personal and financial information. Make sure you're taking the necessary precautions to protect them.

Most people think their devices are secure. However, most experts say that everyone needs to take additional steps to safe guard their systems including regularly update all operating programs, use anti virus/spy-ware systems provided by trusted merchants, and use Strong Passwords and safe networks.

Protect your identity and enhance your safety and security by reviewing the recommendations below.

Setting Up Your Computer/tablet

  • Use a newer operating system, set your browser to block pop-ups and increase the security settings.
  • Download security patches and updates. Turn on automatic updates so you have the latest fixes to problems as they arise. To check for patches and updates you should visit the publisher's website regularly, typically their 'Download' section. Generally, the latest versions of an operating system family (like Microsoft Windows) or browser (like Internet Explorer, Google Chrome, Apple Safari, etc.) have the most up-to-date security features.  

    Be wary of fake emails about bogus updates. Use the update software that comes with your computer or via the software publisher’s own website – don't click on links in emails
  • Disable "File and Printer Sharing" on your computer to prevent unauthorized access
  • Turn your computer off when you're not using it. If you're not connected to the Internet, you can't be hacked or infected.
  • Utilize Strong Passwords, combinations of letters, numbers and or special characters, the more characters the better. 
  • Secure your wireless network - A wireless network allows you to connect your computer to the internet without having to use a cable. It typically contains a wireless router, which uses radio signals to transfer data to computers within the network. Some wireless routers are pre-set with very insecure settings to help users connect to them for the first time – but this also means that other people could access your internet account quite easily.   For this reason, you should always consult your manual or online guide to find out how to connect more securely through your wireless network – usually by creating a Strong Password.
  • HSBC recommends selected web browser versions for use with HSBC Internet Banking.

Setting Up Your Mobile Device

  • Ensure your software is up to date. Check the manufacturer's Web site (or search Google) to see if a software or firmware update is available. If there's a new one, download it.
  • Utilize Strong Passwords, combinations of letters, numbers and or special characters of 8 characters or more.
  • Paying to access a Wi-Fi network doesn't mean it's secure. Access fees do not equal security.
  • URLs beginning with "https:" are safer (but not foolproof). The s in https means that you're connected to the site via the Secure Socket Layer (SSL).
  • Use a Virtual Private Network (VPN). This provides secure access to an organization's network and allows you to get on line behind a secure layer that protects your information.
  • Turn off cookies and auto fill. This can be a privacy threat.
  • Be selective about the applications you are downloading.

Adding Security Software

  • Use new anti-virus & anti-spyware software to protect against viruses and spam. Anti-virus & anti-spy software protects you, your privacy and your money.
  • If your operating system has a built-in firewall, enable it. Or install a third-party firewall to block hackers.
  • Utilize Strong Passwords, combinations of letters, numbers and or special characters, the more characters the better.
  • Use encryption software to protect data stored on your devices.

Internet Safety Tips

Cyber criminals are using more sophisticated methods to steal your information. They will use data available on the “dark web” typically received through data breaches, as well as attempt to have you provide them the data directly by taking advantage of your internet behavior.

If you've followed our guidelines for securing your devices, you've already made it harder for someone to steal your identity. But all the safeguards in the world won't help you if you provide your personal information to Cyber Criminals. 

Review the data below to assist in protecting you and your finances from cyber criminals. 

Improve Your Online Safety

  • Don’t share your personal or financial information online. 
  • Know who you are doing business with.
    • Access online banking sites by typing the URL directly into the address bar. 
    • Review the website's privacy policy to learn how your information will be used and protected. 
  • Don’t allow third parties to take control of your device unless you have contacted a trusted source. Be cautious of any phone call you receive asking you to share your device information or access.
  • Follow Strong Password recommendations.
  • Be aware of pop-ups as they may indicate you have malware on your computer.
  • Report unusual pop-ups to your financial institution.
  • Don't use public computers to do your banking, including those at libraries, Internet cafes and schools.  If possible use one trusted computer for all your financial needs to limit your exposure.
  • When using Wi-Fi, only use trusted Wi-Fi networks or service providers and enable security protection such as Wi-Fi Protected Access (WPA), if possible.
  • Set Social Media accounts to private (when possible) and limit the information shared, cyber criminals use that data to answer security questions or target you for Identity theft.
  • Monitor for Cryptojacking 

Improve your Password security by creating a Strong Password

  • Use upper and lower case letters, numbers, symbols and use more than 8 characters when possible.  Mix the type of characters up to strengthen your security.
  • Be unpredictable and make them hard to guess. Avoid common words, dates, names, information. Think of a phrase that's memorable to you but not to others. (For example, "My left-handed brother has two green eyes" becomes "Ml_bh2Ge".)
  • Don’t reuse Passwords and use different Passwords for different sites.
  • Memorize your Password. Don't write it down or store it on your computer.
  • Don't share your Password(s) with anyone. HSBC will never ask for your device Passwords.
  • Change Passwords if you believe they have been compromised and regularly (at least every 90 days) as a safety measure
  • Change your Password quickly if you hear of a data breach at a company you have an account/profile with.
  • Always change the default Password on all devices, operational systems etc. to a Stronger Password
  • When completing challenge questions, select questions only you know the answer to and questions that the answer can’t be located on a social media or a website. 

Guidelines for Safe Web Browsing

  • Don't respond to unsolicited requests for account information.
  • Don't click on pop-ups. Better yet, set your browser to block them.
  • Don't give out personal information to blogs, forums and other social networking sites.
  • Don't visit unsafe sites. You could open yourself up to a flood of spam, pop-ups and spyware.
  • When shopping online, use secure sites that encrypt your credit card information.
  • Be suspicious of odd error messages. Don't click on them or respond to them. Scan your computer to remove any virus or spyware.
  • Scan your computer files regularly, once a week at a minimum.

Guidelines for Safe Email

  • Beware of fake emails, that appear to be from a legitimate business but they are from a cyber criminal.
    • Check for anything unusual, unprofessional or out of place such as a slightly altered domain name like www.hbsc.com, www.hbs.com or www.hsbc-security; an imperfect logo; or urgent account verification requests. 
    • Exercise caution when you receive an email with attachments. Any file with no extension (eg just named ‘file’) or a double extension (eg file.wow.jpg) is almost certainly a virus and should never be opened. Also, never open an email attachment that is unknown to you and in particular contains a file ending with .exe, .pif and .vbs because these commonly contain viruses.
    • Do not click on links in an email unless from a trusted source. Access retail and financial sites by using a bookmark or address you know is safe.
  • Don't be tricked by a friendly tone or urgent request. This is a common strategy used by Cyber Criminals to force rash decisions.
  • Turn off the preview pane in your email program.
  • Check a website's privacy policy before you give them your email address and don’t give out your personal information.
  • Delete email from unknown sources immediately. Use your junk mail filter.

Tip: If HSBC sends email to your personal email address, it will always include a personal or account identifier. Any links included will be to an HSBC web site information page, not directly to a page that requires log-in credentials or personal information.

Reminder: No one at HSBC will ever ask you for your Password.

Guidelines for Safe Instant Messaging/Texting

  • Never share information with people you don't know
  • Block people you don't want to know, especially complete strangers. Adjust your IM settings so that only people on your buddy or friends list can IM you.
  • Don't reply to strangers, especially if their messages are rude or annoying. It could be a predator.
  • Don't click on unsolicited links or attachments. They could contain a virus or spyware.
  • Don't create a profile that includes personal information. It can open you up to harassment and attract predators.

    Tip: Reply with a simple Yes or No to HSBC Fraud Alerts, we don’t require any personal/account information. 

ATM & Mail Safety Tips

To open new accounts in your name, thieves don't have to look any further than your mailbox. Pre-approved credit offers and outgoing bills may be all anyone needs to steal your identity. More sophisticated methods involve skimming or copying your card at an ATM. To reduce your risk of fraud, put our safety tips into action.

Precautions When Using ATMs, Gas Station Pumps, Merchant Terminals etc.

  • Be aware of your surroundings, your personal safety is critical.
    • Use machines in well lighted areas that are preferably visible to business employees and under video surveillance.
    • When possible conduct ATM transactions during the day. Most ATM crime happens at night.
    • Watch out for shoulder surfers, some may use binoculars or cameras to gain access to your PIN.
  • Protect your PIN. Cover the keypad while you enter the number.
  • Don’t let your card out of your control.
  • Exercise caution if the machine has signs of tampering i.e. skimming such as;
    •Signs telling you to use a specific machine or to enter your password in a second device or multiple times.
    •The key pad is loose, spongy or not attached properly.
    •Visible glue residue around the card slot or key pad.
    •Machine parts/colors don’t match what have been on the machine in the past.
    •Machine panels are not secure or they have signs of tampering or covered with unusual stickers.
    •Card readers don’t look like other readers at that location. They will match in most situations.
    •If in doubt look for safe alternatives.
  • Report anything suspicious or strange to merchant/financial institution or local law enforcement.

Guidelines for Protecting Your Mail

  • When possible utilize electronic statement delivery.
  • Collect incoming mail promptly. Don't leave your mail unattended overnight or on weekends.
  • Always use a locking mailbox, especially when your mail box is located in a communal area. Renting a post office box will also improve security.
  • Don't use the red flag to draw attention to your outgoing mail.
  • Deposit outgoing mail (especially items containing checks) in official postal service collection boxes.
  • When mailing a check, monitor your statement closely to ensure it is presented for payment timely. If not call the payee to ensure receipt of the check and notify your financial institution if there is an issue.
  • Have merchandise or important documents sent to a secure location with signed receipt when possible.
  • Report missing mail timely to your local post office, and to your financial institution if it involves financial documents.
  • Shred unwanted documents containing personal information such as credit applications, convenience checks, bank statements, bills etc. using a cross shredder.
  • Have your mail held at the post office when you travel.

Know the signs of fraud

When logging on, a pop-up window appears stating the service is not available and to try later. A misspelled domain name in the address line. Lotteries that charge a fee to collect your winnings. Requests to pick up or send cash to a person overseas and they offer to share the money. All of these tricks and more have been used to take someone's money or identity. To avoid being conned, learn the telltale signs below.

Email Fraud

Beware of Phishing

So-called "phishing" emails appear to be from legitimate companies. Typically, they warn you of an urgent problem with your account and trick you into providing personal and/or financial information to the sender or clicking on a link that takes you to a phony website. In some cases they may even install ransomware on your device. Remember, no reputable company would request personal information via email. Other warning signs that an email/website is fraudulent are:

  • Poor design, miss-spellings, poor grammar, odd phrasing, unprofessional formatting etc.
  • Generic salutation such as "Dear user" and/or un-personalized information in the text of the email.
  • The logo may be distorted or stretched. However, many Cyber Criminals are creating phony sites that appear to be exact replicas of the valid site.
  • The link in the email doesn't match the URL of the legitimate site. The URL may not be a direct match for the valid site i.e. you see www.hbsc.com or www.hsb.com instead of us.hsbc.com. The URL may also contain numbers (such as an IP address) or an "@" symbol.
  • Any attached file with no extension (eg just named ‘file’) or a double extension (eg file.wow.jpg) is almost certainly a virus and should never be opened.
    •Never open an email attachment that is unknown to you and in particular contains a file ending with .exe, .pif and .vbs because these commonly contain viruses.
  • The email and/or site ask you to do something unusual or threatens to shut down your account unless you verify your personal information.
  • The site returns an error message and asks you to log in.
  • The padlock icon is out of place. It should be in the browser status bar in the lower right and not within the web page.
  • When you double-click on the lock icon, you get a warning that the site address doesn't match the security certificate.
  • If there's a phone number on the fake website, it doesn't match the phone number on your account statement/card.
  • You can't link to a home page from the fraudulent site.

 

Ways to Protect yourself from Phishing;

  • Never providing your personal information to unverified sites.
  • Use trusted websites that you enter directly into your web browser or verified bookmarks. 
  • If unsure if the email/site is valid, contact the company using a trusted phone number from a statement, bank card etc.
  • If you feel you entered a phishing site and/or shared your information
    •Run a virus and spyware scan on your devices.
    •Contact your financial institution immediately, change your passwords, and consider putting a block on your credit report.
  • Reporting Phishing websites to the Federal Trade Commission as well as the IC3.gov site. 
  • Backing up your device(s) so that if you are attacked by a ransomware you have a copy of your personal/financial data.

 

Be suspicious of the following:

  • Automated messages with urgent requests to verify your account, and/or to fix a computer issue.
  • Being asked to send funds, share personal, financial or computer data. These requests are often the start of a scam. Additional warning signs include; 
    •Being asked to you use your bank account for an ACH or wire until they get their own account and you can keep some of the funds for the use of your account.
    •Being asked to negotiated a check and you are allowed to keep some of the funds for your “trouble”.
    •Funds appearing in your account that you were not expecting and then someone asks you to send them the funds. 
    •Requests for funds from people who you recently “met” on dating sites or other social media sites. Often they say they need the funds to pay for medical, travel, passports, business needs and they will “repay” you soon. 
    •Requests to send funds through mobile applications, mail cash, gift cards or any card that holds a monetary value.
    •Promises of money. “You have won the lottery”, “You have a Tax Refund waiting”, ‘’Business/job opportunities’’ that involve receiving money for strangers. Attach PDF 5 Ways to spot a lottery scam.
    •Big threats. “Your account/computer has been hacked”, “Your going to be arrested”, “Your family member is hurt and needs medical care”.
    •Sense of urgency or secrecy . “Act now or it'll be too late”, “Don't tell anyone”, “You must do it NOW”.
    •Work-at-home schemes that require you to buy something or open a bank account to negotiate Payments/business checks. 
    •Donations to unregistered charities.  Most commonly occur after a national disaster or tragic event. 
  • Vishing Scam - This involves a fraudster making phone calls to an HSBC customer posing as bank staff, the fraud investigation team, police etc.. The call is made to obtain personal financial information, which often includes credit/debit card details (including PIN), bank account details and personal information such as full name, date of birth and/or address. This information is then used to gain access to their your finances.
  • Voicemails asking you to call a number with an "809", "284", "876" or other international code. You'll end up with an expensive phone bill.
  • Calls that ask you to dial a two-digit code preceded or followed by the "#" or "*" key (for example, *79 or 72#) and then an 800 number. This is a call-forwarding scam.
  • Text message asking for urgent confirmation of personal or account information.

Remember:

  • If a deal or offer sounds too good to be true, it probably is.
  • Exercise caution anytime someone asks you to use your account, buy gift cards, or send funds transfers for them.
  • Just because the funds are available in your account doesn’t mean the deposited item can’t be returned and debited from your account.
  • Be wary of unsolicited calls. 
  • Never grant a stranger remote access to your computer.
  • No one at HSBC will ever ask you for your Password. 

Protect Yourself from Scams

Ways to Help Protect Yourself from Identify Theft and Fraudulent Scams:

  • Review your accounts frequently and notify the bank of any unusual activity. 
  • Contact the bank to report if you have lost/misplaced or had your card stolen or if you have become part of a fraud scam.
  • Notify your financial institution, utility companies etc. of any personal contact changes i.e. new cell phone, address, email, employer etc..  Or changes in who is authorized to use your account.
  • If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it into small pieces to ensure it cannot be re-used.
  • Store all your personal documents securely. Keep personal documents to which you do not need regular access (birth certificates, social security card, passport, blank check supply, unused credit cards, insurance policies, share certificates) in a secure place.
  • Do not carry credit cards and personal documents unnecessarily – especially when you are traveling internationally.
  • Set up your accounts and personal internet banking for fraud alerts and respond timely to text alerts.
  • Set Up HSBC My Voice is My Password (add link ) to access the HSBC call center.
  • Set up electronic statements delivery when possible.
  • Review your credit report annually.
  • Consider placing a fraud alert on your credit report and that of children.
  • Maintain your device security.
  • Shred all financial or personal papers that contain your personal information.

If you are a victim of Identity Theft or involved in a Scam;

  • IMMEDIATELY notify your bank and advise them of what has occurred. Add link to report a fraud
  • Notify the credit bureaus. Add link to resources tab
  • Change any login credentials or passwords that may have been shared/compromised.
  • Contact your local police department.
  • Report all internet crimes to IC3.gov.

Additional Resources