Even though HSBC has market-leading fraud detection systems, we want you to be aware of the different ways criminals may try to steal your money.


Keep your finances and personal data safe

Much has been made in the news media recently about the hazards of online hacking and data breaches, but what is seldom reported is how much simpler it is to "hack" people than computers. This process is called social engineering, and is far easier to do than one might think.


How social engineering works

Social engineering exploits aspects of human nature - behaviours that come naturally to us. Key to social engineering is the manipulation of trust - gaining a target's trust and thereby getting them to disclose information that should be kept secure.

Scammers contact their targets, usually via telephone (vishing), text or email (phishing), purporting to be individuals in positions of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained their target's trust, they then request sensitive information or items which allow them access to their target's bank accounts - things your bank would never request themselves, such as:

  • Your 4-digit PIN
  • Credit or debit cards, chequebooks or cash
  • Online banking codes or passwords
  • Transfer of funds to a different account for "safekeeping"

Useful documents

Phone numbers

Customer Telephone Services (Please call this number in the first instance): 03457 404 404 or if overseas +44 1226 261 010

Textphone: 03457 125 563 or if overseas +44 1792 494 394

Security Reset Team (Please call this number if you suspect you may have divulged your security details): 345 600 2290

Lost or Stolen Cards: 0800 085 2401 or if overseas +44 1442 422 929

Further information

Common social engineering scams


Fraudsters call out of the blue claiming that a fraud has already happened, or may be imminent. They may already have some information about you, and may pose as bank staff, the police and other officials or companies in a position of trust. The fraudster will then try to persuade you to:

  • Transfer money to another account for "safekeeping" or "holding"
  • Withdraw cash and hand it over "for investigation"
  • Divulge private information, which can then be used to gain access to your finances

In many cases, these cold callers will suggest you hang up the phone and call them back on another number. However, it is easy for them to keep the connection open and intercept the call, so all the information you think you're giving to your bank is actually going to them.

It's important to remember:

  • Be wary of unsolicited approaches by phone, especially if you are asked to provide any personal information
  • If you are suspicious or feel vulnerable, don't be afraid to end the call and refuse requests for information
  • Fraudsters can use "call spoofing" to deliberately falsify the telephone number relayed on your caller ID to show as a genuine bank number
  • HSBC will never call you to ask you to generate a Secure Key code or ask for your PIN number
  • Never share your security details with anyone else

Criminals may already have some basic information about you (name, address, account details); don't assume a caller is genuine because they have these details or because they claim to represent a legitimate organisation.


Be wary of unsolicited emails that appear to be from your bank and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate site and often warn that your account may be shut down unless you take some action. These emails are designed to steal your personal information and use it to access your accounts.

Do not reply to or, click on a link from any email that you are not sure is genuine. Instead contact the company, using an authenticated telephone number.

Phishing emails typically:

  • Warn you of some sudden change in an account which requires you to verify that you still use the service
  • Use poor spelling and grammar
  • Request confidential or security information such as your internet banking details, passwords, account numbers or PINs
  • Include instructions to reply, complete a form or document attached to the email or click through to a website in order to verify your account. Don't open attachments or click on links if you suspect they may not be genuine.

If you receive a suspicious-looking email purporting to be from HSBC, forward it to phishing@hsbc.co.uk, delete it and empty your deleted items.


Smishing (SMS Phishing)

Be wary of suspicious text messages sent by fraudsters that look like they have come from your bank to trick you into giving over your personal and financial information (by calling a number or clicking a link).

It's important to remember:

  • HSBC will never ask you for your full PIN or password
  • HSBC will never text you a link that takes you directly to our login page
  • Fraudsters can use 'text spoofing' to deliberately falsify the telephone number to appear as 'HSBC' to seem like a genuine bank text
  • Never share your security details with anyone else
  • If you have suspicions regarding a text message from HSBC, call us on a known number (eg number on the back of your card) to check before acting on it

If you suspect a text is Smishing, please forward it to phishing@hsbc.co.uk


Courier scams

Some fraudsters will claim to be from your bank or Credit Card company and arrange for a courier to collect your card. They may also ask you to write down your PIN and hand it over as well. To add credibility the fraudster may even advise you to cut the card in half.

Please note that:

  • HSBC will never ask for your card and/or PIN to be returned via courier
  • You should never divulge your PIN to anyone, even someone claiming to work for the bank
  • HSBC's fraud detection teams will only ever ask for partial information; for example, they will never ask for your mother's full maiden name or full date of birth

To ensure that we can get in touch if any suspicious activity seems to be taking place on your account, please provide HSBC with up to date contact details including a mobile telephone number.


Investment or "Boiler room" scams

Beware of cold calls offering too-good-to-be-true investment opportunities. Fraudsters are known to sell worthless, overpriced or even non-existent shares. These can take many forms, but there are some common factors you should look out for including:

  • Unsolicited approaches
  • Unrealistically high returns offered for "low risk" investments
  • Lack of independent evidence of the validity of the scheme
  • Pressure to make quick decisions
  • Instructions to keep the approach confidential
  • Approaches from someone whose only contact details consist of a mobile phone number

Unfortunately, if it sounds too good to be true, it usually is.


Pension liberation

Pension liberation involves transferring pension funds from an existing scheme to a new one, to allow early access to benefits before the legal age of 55. Fraudsters typically target people under financial pressure and will sometimes claim that they can unlock some or all of their pension fund for a fee, which can be very high and may result in serious tax consequences. Be alert to offers like this and if in doubt seek advice from registered pension providers.