Safe banking: How to protect yourself from online fraud

Here are some main areas where being proactive will help keep digital fraud far away, especially as you switch to doing more of your banking online.

Most of us only really put down our mobile phones when we're sleeping. With the sheer volume of activity that takes place on these handheld devices, we can't forget to keep a keen eye on our mobile security. If you're a frequent user of online banking tools like the HSBC Singapore app or PayNow, you should be sure to follow these basic rules:

• keep your phone locked with a password, fingerprint or facial recognition at all times
• be cautious of using unencrypted public Wi-Fi networks, as hackers could use them as a way past your phone's security
• make sure you're up to date with all the latest versions of your apps, especially the latest anti-virus and anti-spyware software

With online banking, you almost never have to go to the branch to do your banking. This is a great time-saver, and you don't have to give up security for convenience. To minimise your online banking security risks:

• only use your own personal computers and devices to access your accounts
• keep your personal log on information private
• look out for irregular transactions on your online statements, emails and SMS notifications

A strong password goes a long way toward protecting your private data and keeping it safe from potential hackers or scammers. Next time you're asked to create a password, keep these tips in mind:

• don't use commonly known details like your birthday, home address or children's or pets' names
• combine upper and lowercase letters, numbers and symbols to truly make it secure
• don't use your online banking password for any other apps or subscriptions
• don't write it down on a post-it note or in an email
• most importantly: never share it with anyone

We'll never ask you for your password under any circumstances, so if you get a call or email from someone claiming to be from HSBC requesting your password or One-Time Password (OTP), don't reveal anything and get in touch with us immediately.

Ever received emails from senders you don't know, complete with suspicious attachments, images, QR codes and download links? Hackers and online fraudsters are constantly upping their game with ever more sophisticated malware such as Trojan horse viruses and spyware. To protect your personal information and digital files:

• be extra careful when opening messages from people you don't recognise or trust
• use caution when clicking links on social media platforms or downloading email attachments if you're not sure where they will take you
• install anti-virus software and firewalls on your computer and mobile devices, and keep them updated to the latest version

Criminals might also send you emails that look like they're from HSBC or other organisations you know well, to try to coax you into giving them your personal data. The links or QR codes embedded in these phishing emails will usually take you to a fake website that looks convincingly like the organisation's real site, where you'll be asked to enter your personal information, PIN or security code. Here are a few things to remember to avoid being phished:

• check for spelling errors
• make sure the sender's email address matches the company they claim to represent; avoid anything that seems long and complex
• if you followed an email link to the company's home page, look for the padlock symbol at the side of the address bar to know it's secure
• if an email or website somehow feels different from the regular ones you know from the organisation, err on the side of caution and don't click any links or download any of the attachments

Unfortunately, phishing through scam emails and websites is no longer the only way online criminals try to steal your personal information. There's also vishing, or voice phishing, which is an increasingly common form of phone fraud carried out using an internet telephone service, with seemingly legitimate-looking phone numbers. And then there's smishing, or SMS phishing, which is when you get a text message aimed at getting you to reveal your personal details. With so many of us always on our mobile phones, smishing can present a risk if we're not vigilant about checking links we get through text messaging platforms like WhatsApp.

While you're doing your part to protect yourself online, we're also working hard to keep you safe from financial fraud and scams. HSBC Safeguard is our two-pronged approach to protect our customers against financial fraud across our global processes and systems. 

First, we're constantly strengthening our initiatives against money laundering and sanctions evasion, which often mark the start of many financial crimes. We also review the products we provide to make sure we don't offer anything without sufficient customer protection.

Second, we make sure we have the most up-to-date information from our customers to ensure our global systems are running smoothly and to lower the risk of your account information being misused. This information is handled with the highest security standards and used solely to protect our customers and ourselves from financial crime.

All in all, we hope taking these steps and precautions will help you stay protected as you stay plugged in digitally and continue the convenience of your banking activities online!

Already registered for online banking?

Don't have online banking?