Beware surge of HSBC scam phishing texts
For the last few weeks, people in the UK have reported a surge of phishing text messages targeting HSBC banking customers, often using a payee request from a “Mr. C Jones” as bait.
Other scams used different names or no name at all.
IT’S A SCAM
Phishing text messages, otherwise known as smishing, have been on the rise since the pandemic hit. In fact we’ve seen a rise in all types of these scams targeting customers of a variety of services, and we’ve even seen some new smishing scams hit inboxes as well. You can read our top 5 of 2021 here.
But it seems in the UK, HSBC bank is one of the organisations most frequently targeted by these scammers, with a plethora of scam texts in circulation that aim to lure customers of the bank into clicking dangerous links. See some examples below, many of which appear to use the same name to trick recipients.
HSBC: New payee request to MR C JONES through your HSBC mobile banking app. If this was NOT you, please visit… link redacted
HSBC FRAUD ALERT: You have authorised a payment of £240.00 to Mr C Jones. If this was not you, please cancel via:
HSBC ALERT: A payee request for MR C Jones has been made on your account. If this was NOT done by you, visit:
Some examples used different names, such as MRS K ADAMS.
HSBC ALERT: A payee request for MRS K ADAMS has been made on your account. If this was NOT done by you, visit:
Some didn’t mention any name.
HSBC: A payment was attempted from a NEW DEVICE on 08/04 at 15.30pm. If this was NOT you, please visit:
This is called social engineering. Tricks design to fool someone into compromising their own security. In this case, by clicking a link to a spoof website.
Such HSBC-themed texts are even going out to people who don’t bank with HSBC, suggesting the crooks are simply mass-mailing out the same scams to countless potential victims knowing that a certain percentage of them will use HSBC and thus more likely to take their scam text at face value.
As with all phishing text messages, the messages themselves (that often claim a payment was authorised, a payee has been added or new device has been added to an account) are completely fabricated, and designed to panic a recipient into clicking a link that leads to a malicious website.
Sponsored Content. Continued below...
That website looks like the HSBC website, but beware. It’s not. It’s a spoof website, and any information you enter into it will be sent straight to the scammers. That includes personal information as well as your online banking login information. Not to put too a finer point on it, that’s enough information for crooks to empty your bank accounts and commit identity theft.
The advice is simple as simple can be. Never click on links in unexpected emails, text messages or social media messages. If you’re not sure if a particular communication is genuine, contact your bank using the contact information on official paperwork, or open your browser and go straight to your bank’s website.
But most importantly, assume any information and links provided in a text message cannot be trusted. And lastly, always have good security software installed on your mobile device capable of preventing phishing scams. Our recommendation for mobile security software is here.