Scam of the Week – HSBC Customers Targeted with Phishing Texts

February 21, 2019 2:09 pm Geraldine Strawbridge

HSBC customers are being warned to avoid a new text message phishing scam designed to steal their personal and financial banking details.

Fraudsters have been sending out text messages that appear to come from HSBC in an attempt to trick customers into disclosing their personal details.

The message warns users: “Your account has been locked. To restore access please visit your local branch or reactivate now with the secure link.”

The message implies that the user is unable to access their funds and if they are tricked into thinking the text is legitimate, they will tend to favour clicking on a link rather than go directly to their branch to restore access.

Fake HSBC Phishing Text (Source: Twitter)

HSBC phishing texts

As soon as the user clicks on the link, they are redirected through to a phishing website that has been specifically set up to harvest their personal data. Once they enter their details, the scam is complete, and the crooks can use this information to clear out their bank accounts or commit identity fraud.

There has been a notable increase in these types of text message phishing scams, more commonly known as ‘Smishing’. Smishing is a type of phishing that uses SMS messages as opposed to emails to target individuals.

Fraudsters will typically send a text message to an individual’s phone and include an urgent call to action to illicit an immediate response. Messages will often claim to be from Banks, Tax Revenue Systems and they may even appear to be from someone the user knows. The aim of the scam is to trick individuals into divulging sensitive information such as account details, credit card details or usernames and passwords.

These scams are proving to be particularly effective as people tend to be more trusting of text messages than email, and it’s often more difficult to determine if a link is malicious or not.

HSBC has urged customers to be wary of any suspicious text messages they receive and provided advice on how to avoid a Smishing scam.

  • HSBC will never ask you for your full PIN or password
  • HSBC will never text you a link that takes you directly to our login page
  • Fraudsters can use ‘text spoofing’ to deliberately falsify the telephone number to appear as ‘HSBC’ to seem like a genuine bank text
  • Never share your security details with anyone else
  • If you have suspicions regarding a text message from HSBC, call us on a known number (eg number on the back of your card) to check before acting on it
  • If you suspect a text is Smishing, please forward it to phishing@hsbc.co.uk

If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, get in touch to find out how we can help. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.