- Malware – e-mails entice users into clicking on links or accessing URLs which deliver malicious software such as Zeus and Spyeye onto the user's PC
- Phishing – e-mails encourage users to divulge personal information such as banking security credentials
Together, these threats can be used to defraud individuals and companies. These attacks tend to happen in 'waves' such as the 'Man in the Middle' (MitM) attacks that media outlets have been recently reporting on.
A MitM attack occurs when Malware is downloaded, hidden in your browser and then activated when you visit particular websites. While deception can take many forms, a current version of this Malware tricks account holders into clicking on counterfeit links after they have logged into their financial institution's online platform. This triggers the Malware and the malicious programme then gets between the account holder and the genuine website–altering what is seen or changing the details of what is being entered in order to conduct and hide fraudulent activity.
HSBC monitors this activity vigilantly to protect you, but you also play a big role in averting these attacks. The more you know, the more you can protect yourself.
What should I do if I receive a suspicious e-mail?
If in doubt, delete the e-mail without opening it. This caution should apply to all unexpected e-mails with links or attachments. If you are suspicious of an e-mail that claims to come from HSBC, please forward it to firstname.lastname@example.org. We take these matters very seriously and will investigate the e-mail in question.
How do I know that a fraud or phishing attempt is underway?
The following types of experiences should be taken seriously and reported to your local HSBCnet support team immediately:
- When logging in to HSBCnet, you are presented with a message saying that HSBCnet is unavailable AFTER you have entered your username and security credentials. Alternately, the error message might give a set time that HSBCnet will return, e.g. 15 minutes
- You are presented with a security check/verification screen that requires you to wait for 1-10 minutes
- You are prompted repeatedly to reenter your username, password or security code
- You are asked to enter beneficiary account information that you don't recognise and does not relate back to an invoice
- You are presented with an error message referring to a 'synchronisation' problem asking you to enter the code generated by your Security Device
- You see any screens that you think are unusual or are missing information
How can I protect myself further?
Installing a firewall and virus protection software on your computer or local area network (LAN) is the single most important thing you can do to protect yourself against malware and viruses. Firewall and virus protection software is available from providers such as Norton and McAfee. Reputable firewall and virus protection vendors will provide regular software updates to ensure that you are protected against new hacking attempts. You must be vigilant in keeping this protection up to date.
It is also important to download new browser security patches when they are available because they are designed to provide you with protection from known security problems. In addition, do not install pirated software or software from unknown providers.
You can rest assured that HSBCnet is a secure channel that is rigorously monitored to protect our customers. You can help us keep fraud out of business by being cautious when conducting transactions online and protecting yourself with the latest anti-virus software.
HSBC and other companies abiding by industry standards will not send e-mails requesting or containing your security or confidential details, such as ID numbers, account log-on details or memorable word information. We will never ask you to enter or confirm your security details through an e-mail. By contrast, this is typically what a phishing e-mail does when it tries to obtain your security details.