If you've received an SMS or text message that appears to have come from HSBC, please exercise caution before replying or clicking on any links.
Criminals may send messages that appear to be from us, or other institutions such as your internet provider, the government or the police.
These messages can often look very realistic, and some may even direct you to a website that looks virtually identical to our own. Their goal is often to trick you into entering sensitive information so that they can gain access to your accounts.
What to do if you receive a suspicious text
If you receive an SMS that you believe is suspicious:
- click on any links contained in an SMS
- download any attachments
- reply or call back
- report the message to us at firstname.lastname@example.org
- if you wish to check whether or not a message you have received was genuine, call us using one of the numbers listed on our Contact us page
Messages HSBC might send you
Some genuine messages that we might send to you via SMS include:
If you have subscribed to HSBC Card Alerts, you will occasionally be sent messages to advise when your credit card has been used to make purchases based on parameters that you have set up - for example if your card is used outside Bermuda.
As an extra layer of security, we will occasionally ask you to enter a One-Time Password before logging into online banking. We will provide this password via SMS.
A genuine text message from us will NEVER contain a link. Please do not click links received in SMS that claim to be from us. Instead, visit hsbc.bm directly or use the official HSBC Bermuda mobile banking app if you would like to log in and check your accounts.
Common scams to watch out for
Scammers are creating increasingly sophisticated fake messages, some of which may look very convincing.
They will usually look very similar to a message you might expect to receive from us, or another trusted organisation.
Typically, they will:
- encourage you to take urgent action
- ask you to verify new payees, transactions or devices
- include links to URLS which resemble hsbc.bm but are slightly different, such as hsbc-bm.com or device-hsbc-bm.com, or hidden behind generic URL shorteners such as bit.ly
- look similar to real messages. They may show up in the same thread as genuine messages you've received from an organisation
The following messages are known frauds that have been sent to our customers, claiming to be from HSBC.
If you receive a message that looks like any of the following, do not respond to them and do not click on any links contained in the message.
HSBC: There has been a login attempted from a new device. If this was NOT you, please follow the steps: device-hsbc.bm.com
HSBC: We have temporarily restricted access on your account due to suspicious activity, to re-authenticate visit hsbc-bm.com
A new payee “MR ADAMS” has been added today. If this was NOT you, please visit hsbcalert-bm.com
Your order BM621*** is ready, pay the shipping costs now or your package will be returned to the sender. https://bit.ly/312jMkJ
Ticket ID: OTk5NjE1Mzg
If you receive a call or an SMS and you’re unsure whether the sender is really from HSBC, the safest thing to do is to hang up and call us back on one of the trusted numbers listed on our Contact us page.
A genuine HSBC employee will not be offended if you decline to provide personal information requested over the phone or by SMS, so you should be extremely cautious if a caller becomes irate or attempts to pressure you into doing so. If in doubt, hang up and call us back on a trusted number.