Protect yourself against fraud and scams
It's easy to think fraud is something that happens to other people. Until it happens to us. The truth is, we’re all equally susceptible, but if we learn to spot the fraudster’s tricks, we can better protect ourselves and combat fraud together.
Take me straight to
Phishing
Watch our short video on what phishing might look like
These are email scams where a fraudster will send you an email pretending to be a legitimate organisation such as a bank. The email will ask you to update or verify your personal or financial information. Sometimes you'll be sent to log on to a website that looks legitimate, but is fake. The objective is to encourage you to provide your secure information so the fraudster can hack into your accounts.
Typical signs of phishing:
- Poor design, spelling mistakes or bad grammar.
- Asking you to do something unusual, or creating a sense of urgency for you to take action.
- An email link that says it's going somewhere that it isn't. Tip - hover over a link in an email to see its real destination.
- Asking for personal information.
- Website doesn't display the padlock symbol in their address bar when you log on.
- If you're directed to a website, check the URL looks correct before proceeding. For example, HSBC Bank Bermuda URL is www.hsbc.bm and not www.hsbcbankbermuda.com.
Smishing
Watch our quick video about how to spot smishing attempts
Text scams, or smishing, are when a fraudster sends you a text that appears to be from your bank or another trusted organisation. They may tell you that there’s been fraud on your account and ask you to share or update personal details. The text may offer vouchers, a tax refund or ask you to confirm the delivery of a parcel.
Typical examples of smishing:
- ‘Your bank’ tells you that your online banking access has been restricted and asks you to click on a link to reinstate access.
- ‘Your bank’ asks you to move your money to a ‘safe account’.
- A company tells you your payment has failed and to click on a link to update your bank details or make payment.
- A delivery company tells you that they couldn’t deliver your parcel and to click on a link to pay a small fee and reschedule.
Vishing
Watch our short video about vishing
Vishing is a social-engineering scam. It's the telephone equivalent of phishing, where a fraudster phones you and tries to trick you into disclosing your private information. Be wary of anyone who calls you asking you to disclose personal information. If in doubt, always end the call and ring us back. Anyone legitimately calling from HSBC will not be upset if you say you prefer to phone us directly.
Typical examples of vishing:
- ‘Your bank’ advises you that your account is at risk and you need to move your money to another account to keep it safe.
- ‘Your bank’ needs your help to investigate a fraud.
- Your internet or mobile provider calls you to fix a problem that you haven’t reported.
- Government tax authorities threaten jail unless unpaid taxes are paid immediately.
Advanced fee fraud
This involves unsolicited letters and emails offering the recipient a generous reward for helping to move large sums of money, usually in US dollars. These funds are said to be anything from corporate profits, accumulated bribes or unspent government funds to unclaimed money belonging to a deceased person. The fraudsters are trying to obtain your banking details. The transactions typically require the recipient of the letter or email to pay something like a fee/tax/bribe to complete the deal – this is the advance fee. However, any fees paid will be lost.
Romance fraud
This occurs when a fraudster uses a fake online identity to gain a victim’s affection and trust, with the aim to manipulate and steal from their victim. After a period of time, they may ask for money or your bank account information. When someone you meet online requests your bank account information, they are most likely planning to use your account to carry out theft or a fraud scheme.
Business email compromise
This occurs when a fraudster emails a company's payments team, impersonating a contractor, supplier, creditor or even someone in senior management. The email might appear to be from the CEO, asking that an urgent payment be made, or from a supplier, requesting that future payments go to a new account. Often it instructs the recipient not to discuss the matter with anyone else. Since the sender's email closely matches a known address, this type of fraud often goes unnoticed until too late. Cybercriminals may even hack into a real email account - from which fraudulent communications are hard to identify.