Latest scam warnings

At HSBC we work hard to help you stay one step ahead of fraudsters and on this page you can keep posted about the latest types of scams.

December 2019: Token Activation Fraud

Some HSBC customers are being targeted by fraudsters who want access to Secure Key activation codes. These codes, generated by either a physical Secure Key or Digital Secure Key, can be used to gain access to your online banking. Secure Key activation codes are not used to stop or block payments. 

Typically a fraudster calls over the phone or messages via text. 

Over the phone

You may receive a call from someone claiming to be from your bank:

  • the fraudster will say a large payment is due to leave your account and they’ll ask whether you authorised this
  • when you say no, they’ll then offer to stop the payment for you
  • they may be sympathetic and even tell you they will not ask for your PIN or password
  • they’ll try to establish what kind of Secure Key you have – a physical one or a Digital Secure Key
  • the fraudster will then ask you to generate a code from your Secure Key and let them know what it is

If you hand over your Secure Key activation code, the fraudster will be able to take over your online banking and authorise transactions from your account.

Via text

You may receive an SMS message from someone claiming to be from the bank. They may ask you to reply to the message with your Secure Key activation code, or to call them and take you through the similar steps above.

What should you do?

HSBC will never ask you for your Secure Key code. We’ll also never ask for any PINs or passwords. If you’re ever in doubt, hang up the phone and don’t reply to the text. Contact HSBC directly from a number you know to be genuine. 

For more information, read our Token Activation Fraud guide

 

November 2019: Remote Access Takeover

Fraudsters are trying to trick people into handing over control of their computers - known as Remote Access Takeover.

They do this by:

  • calling you and pretending to be from a bank, utility company or the police
  • saying there is an issue with computer, such as a virus, which they can fix
  • they may then give you some instructions to follow, or ask you to visit a website or download some software so they can gain access to your computer

Once control of your computer has been passed over, the fraudster will be able to access your files, turn on your camera and even see what you’re typing.

To continue the scam, they may then offer you a refund for your inconvenience.

They’ll try convince you to log on to your online banking to check the refund has been processed – all while having remote access.

They may even ask you for your Secure Key code, which gives them everything they need to move money from your account. HSBC, utilities companies and the police will never ask you do this.

You can help keep yourself safe by not giving anyone you don’t know access to your computer. If you have given out remote access, do not log on to your online banking or anything else which would allow someone to see any passwords or other security information. 

Never share your Secure Key codes or passwords with anyone and be sure to keep your anti-virus software updated.

For more information, read our Remote Access Takeover guide.

September 2019: Thomas Cook scams

Criminals are exploiting holidaymakers following the collapse of Thomas Cook.

They're trying to scam people into revealing personal and financial information.

They do this by:

  • pretending to be an employee of the affected company
  • asking for your bank account details to process refunds quicker
  • offering alternative airline flights for an extra cost
  • pretending to help with the aftermath of the collapse 
     

So be wary of emails, texts, letters, social media messages or phone calls offering help in reclaiming your refund from Thomas Cook. 

If you're not sure about someone who's contacted you, visit the Take Five to Stop Fraud website.

Remember, HSBC will never ask for your telephone security number or information from your Secure Key. 

If you think you may have given information to a criminal, call us immediately on 03457 404 404 - this number can be checked against the number on the back of your card.

If you've been affected by the Thomas Cook collapse, you can find out how to raise a dispute here.

 

July 2019: Hoax phone calls

We're getting reports of a new type of hoax phone call.

The automated call claims there's been a £600 transaction on your Visa card in the last 15 minutes. 

The recorded message gives instructions to follow on your phone keypad before you’re transferred to a criminal posing as an agent, who tricks you into giving away information or making a payment.

Here are some of the phone numbers the calls are coming from - but keep in mind there may be others:

  • 002476381410 (appears to be an automated call from Visa, then option 1 to speak to agent)
  • 001726882139 ('Nationwide Security')
  • 01702207699 ('Nationwide Security')
  • 01726882139
  • 01419544546 
  • 01588650565 

The calls may show the local dialling code to trick people into answering. 

If you get a hoax call such as this, hang up and report it to Action Fraud, a national reporting centre run by the City of London Police working alongside the National Fraud Intelligence Bureau.

To get more help protecting yourself against fraud, download our scams leaflet (PDF, 331.1KB).

 

July 2019: Car parking scam

We’ve had several reports in recent weeks of a new car parking scam.

With this type of card fraud, criminals approach people claiming they’ve committed a parking offence or asking for help in buying a parking ticket.

The fraudsters then persuade them to go to a nearby ATM or parking ticket machine. They may have previously fitted the machine with a device which traps the victim’s bank card once they’ve entered their PIN or they may use a distraction technique to steal the card by tricking their victim into thinking it’s been retained.

Here are some of the most common examples we’ve come across:

  • Criminals tell their victim they’ve committed an offence such as hitting the kerb. To avoid a fine, they need to go to a nearby ATM to make a payment. 
  • Criminals pretending to be traffic wardens tell their victim they need to make a payment to avoid a fine as they’ve not parked properly (such as parking too far away from the kerb). They say they can make the payment at a parking meter nearby. 
  • Criminals claim they need help getting a parking ticket because they don’t have their card or the machine won’t accept foreign cards.  They ask their victim to pay for a ticket on their card in return for cash. 

As their card is either stuck in the machine or has been removed without their knowledge, the victim assumes it’s been retained and leaves. The criminals will then use the card to withdraw money, having looked over their victim’s shoulder as they entered their PIN. This is known as ‘shoulder surfing’.

Another technique is for criminals to tell their victim there’s a fault with the machine they’re trying to use to pay for a parking ticket. They shoulder surf their victim and distract them so they can take their card.

Be alert when using ATMs and machines where you need to input your PIN:

  • Always use your hand as a shield from prying eyes when entering your PIN. 
  • Be aware of others around when using a machine where you need to enter a PIN – don’t let others distract you.
  • Do not take advice from ‘helpful’ strangers who are near the machine, especially if your card has been unexpectedly retained. 
  • If your card doesn’t come out, call your bank straight away. Stay by the machine while doing this - if it’s safe to do so - to prevent anyone from removing your card.

It’s a good idea to add the HSBC phone number given on the back of your card to your contacts so you have it to hand it even if your card has been retained.

For more advice on how to protect your card and PIN, please read our card security page.