PHISHING ALERT!

We would like to bring your attention to emails purporting to originate from HSBC. The emails invite the reader to click on a link and attempts to solicit a set of personal and financial information from the reader via a spoof HSBC website.

1) This is a sample of how the suspicious email may look like:


Email Subject: Security Information Update


2) The hyperlink, "Please click here to Continue" imbedded as part of the email directs the customer to a spoof HSBC website which looks like this:
Example 1
Example 2

 

3) What should you do?

Ignore the email and DO NOT attempt to visit the website. Remember: No email from HSBC will contain a hyperlink to our online@hsbc logon page or to a webpage which directly solicits your personal or financial information. HSBC will never ask you to reveal your Password, PIN or Security Code over the phone or via email.

Should you require further assistance:

- For Personal Internet Banking, please contact HSBC at 1800-HSBC NOW (4722 669) in Singapore or (65) 6-HSBC NOW (4722 669) from overseas.
- For Business Internet Banking, please contact our Corporate Call Centre at 1800 216 9008 (Singapore) or 65 6216 9008 (overseas).

Online Security - How To Protect Against Online Fraud?

Online security
At HSBC, we take Online Security very seriously and we want to protect our customers as much as possible. That's why we are providing you with this important advice. While we have equipped online@hsbc with industry standard security technology and practices to ensure that our customers are protected against fraud, you play an important part in protecting your account/transactions.


Read more

* FASTEN UP! is an Infocomm Development Authority of Singapore (IDA) initiative. Reproduced with permission from Infocomm Development Authority of Singapore (IDA), 2005

What is?

Phishing

Description
Phishing involves an email message being sent out to as many email addresses that the fraudster can obtain, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer or similar. The email requests the recipient to update or verify their personal and financial information, including date of birth, log in information, account details, credit card numbers, PIN numbers etc.  Some of the email messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting receipients, who happen to be customers of the legitimate organisation being imitated, to respond to the email and to provide the information being requested.

Tips

  • NOTHING, unless you are absolutely sure of the validity of the sender and the legitimacy of their request.
  • Be aware that HSBC will NEVER ask customers for such confidential banking data in their emails.
  • Do not respond to any emails that request such information or click on an embedded hyperlink.
  • Update your anti-virus software and also change your Password REGULARLY.

Spyware

Description

  • It is a computer software program that gathers information about a computer user, in most cases without the user's knowledge or informed consent.
  • It transmits the collected information to an organisation/person who potentially can manipulate the information.
  • Such software program may claim to be able to speed up your internet connections but in fact redirects your internet session through their own servers.
  • This could mean that Spyware has the ability to gain access to your passwords, PINs, credit card numbers and other personal transactional details.
  • Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this anti-virus software is not effective in identifying and removing spyware. In order to find out if spyware is present on your PC, it is necessary to download and run specific anti spyware programs.
  • Examples of anti-spyware security software products available at present are eTrustTM PestPatrol@, Anti-Spyware, McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable product to protect against the possible security threats of spyware on your PC.

Tips

  • To prevent the spyware installation without your consent, remember not to download any freeware onto the computer that you access internet banking with.
  • You may already be using anti-virus software but to be effective, the software should be updated on a regular basis with the latest virus definition files.
  • Change your Password REGULARLY.
  • Always run an anti-virus software program and/or anti-spyware software before you download other programs or open e-mails.
  • If you think that you have installed such software in your PC, you may wish to seek professional IT advice on steps to be taken to uninstall the software from your PC.

Fraudulent & Spoof Websites

Description

  • Authentic-looking websites created by Internet fraudsters that look like other respectable websites, such as ours.
  • Attract people to their sites through phishing emails.
  • Urgently ask for personal, confidential information.

Tips

  • Make sure you're connected to the official HSBC site before keying in any confidential data.
  • Do not access your internet banking account directly through hyperlinks embedded in e-mails.
  • Type www.hsbc.com.sg directly on the browser address bar.
  • Check for the locked padlock symbol at the bottom right hand corner of your browser.
  • Ensure the secure browser session is established with HSBC by verifying the information, such as the issuer and the date on the server certificate
  • Change your Password REGULARLY.

Trojan Horse

Description

  • A type of computer virus that is a computer program masquerading as another program.
  • Appears innocent, but your files could be damaged or erased if you open the program.

Tips

  • Install anti-virus software, personal firewall and security patches.
  • Always run an anti-virus software program before you download other programs or open emails.
  • Update your anti-virus software and also change your Password REGULARLY.

Fraudulent Emails

You may have in the recent past read or heard of fraudulent e-mails sent to customers of large financial institutions in many countries. These e-mails typically tempt the institutions' customers to click an embedded "link" to a fairly realistic looking web site that mimics the look of the institution's own web site, where they are then asked to enter their usernames, passwords and other personal and confidential banking details.

At HSBC, we take the privacy and confidentiality of our customers' information very seriously and will never request your personal and financial information via e-mail. The following information/checklist will quickly help you determine whether a request for information is legitimate and how you can help in keeping your account/transactions safe.

Remember

  • HSBC will never ask for your logon details and personal information for internet banking, phonebanking or ATM services. These include your Username, Password, PIN, security code, account number, identification/ passport number, address, phone number, etc.
  • When you call us, you may be asked to input your Password or PIN for authentication. Do not speak out the Password, PIN or security code during the call, as no call centre representative will ever ask for this over the phone. If you have forgotten your Password or PIN, a few questions relating to your personal information, NOT your Passwords or PIN, will be asked for authentication.

Never

  • Follow a link within an email to start an Internet banking session. Instead, log on directly from your browser.. This will avoid you from being sent to a false site. Remember: No email from HSBC will contain a hyperlink to our online@hsbc logon page.

Always

  • Check for a locked padlock symbol at the bottom right corner of your browser.

Tell Us

  • Please advise us immediately if you receive either a suspicious email or phone call asking you to enter your logon details. DO NOT act on it even if it appears to be from HSBC.

Questions?
We assure you that we have equipped online@hsbc with industry standard security technology and practices to ensure that our customers are protected against fraud.

  • For any questions or to report a suspicious email, please contact our 24-hour Customer Service Hotline on 1800-HSBC NOW (4722 669) in Singapore or (65) 6-HSBC NOW (4722 669) from overseas.

We encourage our customers to also note the following security tips:

  • Keep your account details secure;
  • Never write down your online@hsbc security credentials or reveal it to anyone
  • Not to access your account in public places e.g. internet cafes;
  • Change your Password on a regular basis;
  • Log off properly using the "Logoff" button, when you have finished an Internet banking session;
  • Always disconnect from the Internet when finished; never leave a connection on when not using the service;
  • Install a personal firewall and virus detection software on personal computers, and update them regularly to ensure protection.

© Copyright. The Hongkong and Shanghai Banking Corporation Limited 2008