What is phishing?
Phishing is when a criminal sends you an email that tries to get you to give them your passwords and bank details or clicks the embedded links, QR code or file attachment to implant malware to the victim’s device. The email will say it is from a legitimate organisation like a bank, online payment service or online retailer. It often looks very similar to an actual email sent by those companies, and it will contain a link or QR code that takes you to a website that also looks very similar to the organisation's genuine site.
Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, PIN or security code. The phishing site records everything you enter, and then uses your information to steal your money.
To spot a phishing email, ask yourself the following questions:
- Does it request personal information, like a credit card number or account password?
- Were you expecting this message?
- Does it have an attachment?
- Does it ask you to do something unusual, like transfer money to an unknown source, or email your account details to someone?
- Does the sender’s email address or phone number match the name of the company that it claims to be from?
- Is your email address or phone number different from the one that you gave that company?
- Was it sent or cc’d to more than just you?
How can I tell if I'm being phished?
Fake websites:
- won't show the padlock symbol in the address bar when you log on
- are poorly designed, with typos or bad spelling and grammar
- have a different look and feel than the company’s regular website
If an email looks suspicious, don’t reply to it. Don't click on any links. Don't open any attachments. If you receive an email/SMS from HSBC that asks you to provide personal information, report it to us via our customer service hotlines immediately.
Our customer service hotlines:
HSBC Jade customers : (852) 2233 3033
HSBC Premier customers : (852) 2233 3322
Other customers : (852) 2233 3000