HSBC works hard year round to protect your personal information. We stay vigilant, identifying threats and investigating suspicious activity across all your accounts.
If we identify that your information has been compromised, we act promptly. We’ll contact you directly and take the necessary steps to help safeguard your banking information.
Table of contents
Protection from Fraud, Scams and Identity Theft
The best way to defend yourself against identity theft and fraudulent scams is to protect your personal information, safe guard your electronic access devices and know how to identify scams. Below are recommendations on simple actions you can take to help protect you, your family and your finances.
Take steps to protect your information
Chances are your computer/tablet and mobile device (devices) contains a goldmine of personal and financial information. Make sure you're taking the necessary precautions to protect them.
We offer a number of safeguards to protect your account information, including Voice ID, which allows you to access your accounts over the phone using your voice, and Touch/Face ID, which allows you to access your accounts through our mobile app using your fingerprint or face.
You can sign up for email and text alerts to help manage your card activity. Get an alert any time a transaction is made over a certain dollar amount, if you are approaching your credit limit, or if there is a name or address change on the account.
Our mobile platform provides the personalization, security and flexibility that enhances your banking experience while providing an extra layer of security to help protect your identity.
Protect your identity and enhance your safety and security by reviewing the recommendations below.
Protect yourself in an ever increasing digital world
- Use a newer operating system, set your browser to block pop-ups and increase the security settings.
- Download security patches and updates. Turn on automatic updates so you have the latest fixes to problems as they arise. To check for patches and updates you should visit the publisher's website regularly, typically their 'Download' section. Generally, the latest versions of an operating system family (like Microsoft Windows) or browser (like Internet Explorer, Google Chrome, Safari, etc.) have the most up-to-date security features.
- Beware of Phishing, fraudulent emails meant to capture your personal information. If you believe an email to be suspicious, do not click on embedded hyperlinks or open attachments. Be on the lookout for:
• Spelling mistakes, incorrect grammar, or odd phrasing
• Generic greetings or signatures
• Urgent or threatening language in the subject line
• More tips on identifying and preventing phishing attacks
- Disable "File and Printer Sharing" on your computer to prevent unauthorized access.
- Turn your computer off when you're not using it. If you're not connected to the Internet, you can't be hacked or infected.
- Create a strong password
• Unique passwords with a combination of words, numbers, symbols and both upper- and lower-case letters are best.
• Avoid easily guessed passwords, such as “password” or “user”.
• Don’t use personal details such as birth date, phone number, or family member names.
• Avoid using the same password for multiple accounts/websites.
• Don’t store your list of passwords on your computer or write them down.
- Secure your wireless network - A wireless network allows you to connect your computer to the Internet without having to use a cable. It typically contains a wireless router, which uses radio signals to transfer data to computers within the network. Some wireless routers are pre-set with very insecure settings to help users connect to them for the first time – but this also means that other people could access your Internet account quite easily. For this reason, you should always consult your manual or online guide to find out how to connect more securely through your wireless network – usually by creating a strong password.
- HSBC recommends using selected web browser versions with HSBC Internet Banking.
Setting Up Your Mobile Device
- Ensure your software is up to date. Check the manufacturer's website (or search Google) to see if a software update is available. If there's a new one, download it.
- Utilize strong passwords, combinations of letters, numbers and or special characters of 8 characters or more.
- Paying to access a Wi-Fi network doesn't mean it's secure. Access fees do not equal security.
- URLs beginning with "https:" are safer (but not foolproof). The s in https means that you're connected to the site via the Secure Socket Layer (SSL).
- Use a Virtual Private Network (VPN). This provides secure access to an organization's network and allows you to get on line behind a secure layer that protects your information.
- Turn off cookies and auto fill. This can be a privacy threat.
- Be selective about the applications you are downloading.
Adding Security Software
- Maintain a current SPAM filter, anti-virus software and firewall to help identify and block suspicious emails. Anti-virus and anti-spy software protects you, your privacy and your money.
- If your operating system has a built-in firewall, enable it. Or install a third-party firewall to block hackers.
- Utilize Strong Passwords, combinations of letters, numbers and or special characters, the more characters the better.
- Use encryption software to protect data stored on your devices.
Internet Safety Tips
Cyber criminals are using more sophisticated methods to steal your information. They will use data available on the “dark web” typically received through data breaches, as well as attempt to have you provide them the data directly by taking advantage of your Internet behavior.
If you've followed our guidelines for securing your devices, you've already made it harder for someone to steal your identity. But all the safeguards in the world won't help you if you provide your personal information to Cyber Criminals.
Improve Your Online Safety
- Don’t share your personal or financial information online.
- Know who you are doing business with.
• Access online banking sites by typing the URL directly into the address bar.
- Don’t allow third parties to take control of your device unless you have contacted a trusted source. Be cautious of any phone call you receive asking you to share your device information or access.
- Follow Strong Password recommendations.
- Be aware of pop-ups as they may indicate you have malware on your computer.
- Only use trusted Wi-Fi networks or service providers and enable security protection such as Wi-Fi Protected Access (WPA), if possible.
• When using public Wi-Fi, do not enter account numbers, passwords, or any other personal details.
- Set Social Media accounts to private (when possible) and limit the information shared, cyber criminals use that data to answer security questions or target you for Identity theft.
• Monitor for Cryptojacking
- Never share passwords, login credentials, or any information that can be used to authenticate your identity.
- HSBC will never ask for your device passwords.
- Change Passwords if you believe they have been compromised and regularly (at least every 90 days) as a safety measure.
- Change your Password quickly if you hear of a data breach at a company you have an account/profile with.
- Always change the default Password on all devices, operational systems etc. to a stronger password.
- When completing challenge questions, select questions only you know the answer to and questions that the answer can’t be located on social media or a website.
Guidelines for Safe Web Browsing
- Don't respond to unsolicited requests for account information.
- Don't click on pop-ups. Better yet, set your browser to block them.
- Don't give out personal information to blogs, forums and other social networking sites.
- Don't visit unsafe sites. You could open yourself up to a flood of spam, pop-ups and spyware.
- When shopping online, use secure sites that encrypt your credit card information.
- Be suspicious of odd error messages. Don't click on them or respond to them. Scan your computer to remove any virus or spyware.
- Scan your computer files regularly, once a week at a minimum.
Guidelines for Safe Email
- Beware of fake emails, that appear to be from a legitimate business but they are from a cyber criminal.
• Check for anything unusual, unprofessional or out of place such as:
• A slightly altered domain name like www.hbsc.com, www.hbs.com or www.hsbc-security
• An imperfect logo
• Urgent account verification requests.
- Proceed with caution before opening emails from a sender you don’t recognize to prevent malware, software intended to damage or disable computer systems, from being downloaded onto your device.
- Any file with no extension (e.g. just named ‘file’) or a double extension (e.g. file.wow.jpg) is almost certainly a virus and should never be opened. Also, never open an email attachment that is unknown to you and in particular contains a file ending with .exe, .pif and .vbs because these commonly contain viruses.
- Do not click on links in an email unless from a trusted source. Access retail and financial sites by using a bookmark or address you know is safe.
- Don't be tricked by a friendly tone or urgent request. This is a common strategy used by Cyber Criminals to force rash decisions.
Turn off the preview pane in your email program.
- Delete email from unknown sources immediately. Use your junk mail filter.
Tip: If HSBC sends email to your personal email address, it will always include a personal or account identifier. Any links included will be to an HSBC website information page, not directly to a page that requires login credentials or personal information.
Reminder: No one at HSBC will ever ask you for your password.
Guidelines for Safe Instant Messaging/Texting
- Never share information with people you don't know
- Block people you don't want to know, especially complete strangers. Adjust your instant message (IM) settings so that only people on your buddy or friends list can IM you.
- Don't reply to strangers, especially if their messages are rude or annoying. It could be a predator.
- Don't click on unsolicited links or attachments. They could contain a virus or spyware.
- Don't create a profile that includes personal information. It can open you up to harassment and attract predators.
Tip: Reply with a simple Yes or No to HSBC Fraud Alerts, we don’t require any personal/account information.
ATM & Mail Safety Tips
To open new accounts in your name, thieves don't have to look any further than your mailbox. Pre-approved credit offers and outgoing bills may be all anyone needs to steal your identity. More sophisticated methods involve skimming or copying your card at an ATM. To reduce your risk of fraud, put our safety tips into action.
Precautions when using ATMs, gas station pumps, merchant terminals, etc.
- Be aware of your surroundings, your personal safety is critical.
• Use machines in well lighted areas that are preferably visible to business employees and under video surveillance.
• When possible conduct ATM transactions during the day. Most ATM crime happens at night.
- Protect your PIN. Cover the keypad while you enter the number.
- Don’t let your card out of your control.
- Exercise caution if the machine has signs of tampering i.e. skimming such as;
•Signs telling you to use a specific machine or to enter your password in multiple times or in a second device.
•The key pad is loose, spongy or not attached properly.
•Visible glue residue around the card slot or key pad.
•Machine parts/colors don’t match what have been on the machine in the past.
•Machine panels are not secure or they have signs of tampering or covered with unusual stickers.
•Card readers don’t look like other readers at that location. They will match in most situations.
•If in doubt look for safe alternatives.
- Report anything suspicious or strange to merchant/financial institution or local law enforcement.
Guidelines for Protecting Your Mail
- When possible utilize electronic statement delivery.
- Collect incoming mail promptly. Don't leave your mail unattended overnight or on weekends.
- Always use a locking mailbox, especially when your mail box is located in a communal area. Renting a post office box will also improve security.
- Don't use the red flag to draw attention to your outgoing mail.
- Deposit outgoing mail (especially items containing checks) in official postal service collection boxes.
- When mailing a check, monitor your statement closely to ensure it is presented for payment timely. If not call the payee to ensure receipt of the check and notify your financial institution if there is an issue.
- Have merchandise or important documents sent to a secure location with signed receipt when possible.
- Report missing mail timely to your local post office, and to your financial institution if it involves financial documents.
- Shred unwanted documents containing personal information such as credit applications, convenience checks, bank statements, bills etc. using a cross shredder.
- Have your mail held at the post office when you travel.
Know the signs of fraud
When logging on, a pop-up window appears stating the service is not available and to try later. A misspelled domain name in the address line. Lotteries that charge a fee to collect your winnings. Requests to pick up or send cash to a person overseas and they offer to share the money. All of these tricks and more have been used to take someone's money or identity. To avoid being conned, learn the telltale signs below.
Beware of Phishing
So-called "phishing" emails appear to be from legitimate companies. Typically, they warn you of an urgent problem with your account and trick you into providing personal and/or financial information to the sender or clicking on a link that takes you to a phony website. In some cases they may even install ransomware on your device. Remember, no reputable company would request personal information via email. Other warning signs that an email/website is fraudulent are:
- Poor design, miss-spellings, poor grammar, odd phrasing, unprofessional formatting etc.
- Generic salutation such as "Dear user" and/or un-personalized information in the text of the email.
- The logo may be distorted or stretched.
- The link in the email doesn't match the URL of the legitimate site. The URL may not be a direct match for the valid site i.e. you see www.hbsc.com or www.hsb.com instead of us.hsbc.com. The URL may also contain numbers (such as an IP address) or an "@" symbol.
- Any attached file with no extension (eg just named ‘file’) or a double extension (eg file.wow.jpg) is almost certainly a virus and should never be opened.
- Never open an email attachment that is unknown to you and in particular contains a file ending with .exe, .pif and .vbs because these commonly contain viruses.
- The email and/or site ask you to do something unusual or threatens to shut down your account unless you verify your personal information.
- The site returns an error message and asks you to log in.
- The padlock icon is out of place. It should be in the browser status bar in the lower right and not within the web page.
- When you double-click on the lock icon, you get a warning that the site address doesn't match the security certificate.
- If there's a phone number on the fake website, it doesn't match the phone number on your account statement/card.
- You can't link to a home page from the fraudulent site.
Ways to protect yourself from Phishing;
- Never providing your personal information to unverified sites.
- Use trusted websites that you enter directly into your web browser or verified bookmarks.
- If unsure if the email/site is valid, contact the company using a trusted phone number from a statement, bank card etc.
- If you feel you entered a phishing site and/or shared your information
•Run a virus and spyware scan on your devices.
•Contact your financial institution immediately, change your passwords, and consider putting a block on your credit report.
- Reporting Phishing websites to the Federal Trade Commission as well as the IC3.gov site.
- Backing up your device(s) so that if you are attacked by a ransomware you have a copy of your personal/financial data.
Be suspicious of the following:
- Automated messages with urgent requests to verify your account, and/or to fix a computer issue.
- Being asked to send funds, share personal, financial or computer data. These requests are often the start of a scam. Additional warning signs include;
•Being asked to you use your bank account for an ACH or wire until they get their own account and you can keep some of the funds for the use of your account.
•Being asked to negotiated a check and you are allowed to keep some of the funds for your “trouble”.
•Funds appearing in your account that you were not expecting and then someone asks you to send them the funds.
•Requests for funds from people who you recently “met” on dating sites or other social media sites. Often they say they need the funds to pay for medical, travel, passports, business needs and they will “repay” you soon.
•Requests to send funds through mobile applications, mail cash, gift cards or any card that holds a monetary value.
•Promises of money. “You have won the lottery”, “You have a Tax Refund waiting”, ‘’Business/job opportunities’’ that involve receiving money for strangers. Attach PDF 5 Ways to spot a lottery scam.
•Big threats. “Your account/computer has been hacked”, “Your going to be arrested”, “Your family member is hurt and needs medical care”.
•Sense of urgency or secrecy . “Act now or it'll be too late”, “Don't tell anyone”, “You must do it NOW”.
•Work-at-home schemes that require you to buy something or open a bank account to negotiate Payments/business checks.
•Donations to unregistered charities. Most commonly occur after a national disaster or tragic event.
- Vishing Scam - This involves a fraudster making phone calls to an HSBC customer posing as bank staff, the fraud investigation team, police etc.. The call is made to obtain personal financial information, which often includes credit/debit card details (including PIN), bank account details and personal information such as full name, date of birth and/or address. This information is then used to gain access to their your finances.
- Voicemails asking you to call a number with an "809", "284", "876" or other international code. You'll end up with an expensive phone bill.
- Calls that ask you to dial a two-digit code preceded or followed by the "#" or "*" key (for example, *79 or 72#) and then an 800 number. This is a call-forwarding scam.
- Text message asking for urgent confirmation of personal or account information.
- If a deal or offer sounds too good to be true, it probably is.
- Exercise caution anytime someone asks you to use your account, buy gift cards, or send funds transfers for them.
- Just because the funds are available in your account doesn’t mean the deposited item can’t be returned and debited from your account.
- Be wary of unsolicited calls.
- Never grant a stranger remote access to your computer or share your login credentials or password.
- No one at HSBC will ever ask you for your password.
Protect Yourself from Scams
Ways to Help Protect Yourself from Identify Theft and Fraudulent Scams:
- Review your accounts frequently and notify the bank of any unusual activity.
- Contact the bank to report if you have lost/misplaced or had your card stolen or if you have become part of a fraud scam.
- Notify your financial institution, utility companies etc. of any personal contact changes i.e. new cell phone, address, email, and employer.
- If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it into small pieces to ensure it cannot be re-used.
- Store all your personal documents securely. Keep personal documents to which you do not need regular access (birth certificates, social security card, passport, blank check supply, unused credit cards, insurance policies, share certificates) in a secure place.
- Do not carry credit cards and personal documents unnecessarily – especially when you are traveling internationally.
- Set up your accounts and personal internet banking for fraud alerts and respond timely to text alerts.
- Set Up HSBC My Voice is My Password to access the HSBC call center.
- Set up electronic statements delivery when possible.
- Review your credit report annually.
- Consider placing a fraud alert on your credit report and that of children.
- Maintain your device security.
- Shred all financial or personal papers that contain your personal information.
Ways to Protect Yourself as You Age
Here are some tips on making sound financial decisions as we age:
We have your back
If you believe you’ve been the subject of identity theft or that your online banking credentials have been compromised, call HSBC Security Center at 800.528.0694 immediately. Representatives are available to assist you 24 hours a day, 7 days a week.
- Notify the credit bureaus. See Additional Resources tab below for important links.
- Change any login credentials or passwords that may have been shared/compromised.
- Contact your local police department.
- Report all internet crimes to IC3.gov.
- Annual Credit Report.Com https://www.annualcreditreport.com/index.action
- Better Business Bureau – Scam Tracker https://www.bbb.org/scamtracker/us
- Consumer Financial Protection Bureau https://www.consumerfinance.gov/
- Credit Reporting Agencies
• Equifax – Everything You Need to Know About Identity Theft, All in One Place https://www.equifax.com/personal/education/identity-theft/
• Experian – How Do I Report Identity Theft https://www.experian.com/blogs/ask-experian/how-do-i-report-identity-theft/
• TransUnion – Identity Theft https://www.transunion.com/identity-theft
- Elder Financial Exploitation – National Adult Protective Services Association http://www.napsa-now.org/policy-advocacy/exploitation/
- Elder Justice Initiative – US Department of Justice https://www.justice.gov/elderjustice
- Federal Bureau of Investigation - Internet Crime Complaint Center (Ic3) https://www.ic3.gov/default.aspx
- Federal Trade Commission https://www.ftc.gov/
- Federal Trade Commission – Identity Theft https://www.identitytheft.gov/?utm_source=takeaction
- Internal Revenue Service – How to Report Fraud https://www.irs.gov/individuals/how-do-you-report-suspected-tax-fraud-activity
- Social Security Administration – Identity Theft and Your Social Security Number https://www.ssa.gov/pubs/EN-05-10064.pdf
- United States Department of Justice – Report Fraud https://www.justice.gov/criminal-fraud/report-fraud
- United States Department of State – Bureau of Consular Affairs – Passport or Visa Fraud https://travel.state.gov/content/travel/en/contact-us/reporting-fraud.html
- United States Government – Identity Theft https://www.usa.gov/identity-theft
- United States Government – Report Scams and Frauds https://www.usa.gov/stop-scams-frauds
- United States Postal Inspectors https://postalinspectors.uspis.gov/