Alt+0 to show this section, Tab to navigate forward, Shift+Tab key to navigate backward, Enter to access link, and Esc to reset

Press tab key to access skip links section. Press Alt+0 to access it anytime.

Nowadays, most of us use the internet. We like to e-mail, chat and have fun online as well as use it to buy and sell things and do our banking.

Unfortunately, it also provides opportunities for criminals to:

  • Infect your computer with spyware and steal your identity
  • Mess up your computer with pop-ups and viruses
  • Send you spam and scam e-mails
  • Trick you into visiting fake websites and handing over personal information
  • Hack into your wireless network
Protect yourself online

In our view, there are a few key rules that offer the most protection online for the least amount of effort. They are not all the measures you can take, but they are an excellent start – and they apply equally to business owners and to private individuals.

What you should always do:

Make sure you have the latest security updates and patches

From time to time, weaknesses are discovered in programmes running on your computer. These weaknesses can be exploited by virus writers and hackers to gain access to computers. As such, publishers will release 'patches' from time to time to correct these weaknesses.

To check for patches and updates you should visit the publisher's website, typically their 'Download' section. Generally, the latest versions of an operating system family (like Microsoft Windows) or browser (like Internet Explorer, Firefox etc) is the most secure.

Microsoft users can visit: , which can automatically check what is required for both your operating system and browser and then download it at your request.

Install anti-virus software

You may already be using anti-virus software but to be effective, the software should be updated on a regular basis with the latest virus definition files. If you are unsure how to do this, you should refer to the programme's 'Help' function.

Any file with no extension or a double extension, eg wow.jpg.pif is almost certainly a virus and should never be opened. Also, never open an e-mail attachment that contains a file ending with .exe, .pif and .vbs as these are commonly used with viruses.

There are many effective programmes to choose from, but the most common commercial products include McAfee, Trend Micro, Sophos, Symantec and F-Secure. It is also possible to obtain free anti-virus protection from Microsoft Security Essentials, Grisoft AVG Anti-Virus, Antivir, ALWIL Avast and ClamWin. However, be sure to visit the genuine site as there are many fake products claiming to protect your computer but which may actually infect it with viruses.

Use a personal firewall

A personal firewall is another small programme that helps protect your computer and its contents from outsiders on the internet. When installed and correctly configured, it stops unauthorised traffic to and from your computer.

There are many effective programmes to choose from. Common commercial examples include Windows Firewall and Check Point Zone Alarm (free), McAfee Personal Firewall and Norton Personal Firewall.

Use an anti-spyware programme

Spyware is the term used to describe programmes that run on your computer which monitor and record the way you browse the internet and the sites you visit. It can also be downloaded without your consent or knowledge and used to see personal information that you have entered online, including passwords, telephone numbers, credit card numbers and identity card numbers.

Anti-spyware programmes currently available include AdAware, Microsoft Defender (free), Spyware Blaster, Spy Sweeper and, Sunbelt Software Counter Spy. Again, be sure to visit the genuine site as there are many fake products claiming to protect your computer but which may actually infect it with viruses.

Block spam e-mail

Spam can be used to launch phishing attacks, inviting you to click on links that will then download malware to your computer or direct you to a fake website. If you receive any e-mail from an unrecognised source, you should delete it without opening it. You should also be able to activate a spam filter, which will automatically route all such mail to a separate inbox. Deleting unwanted spam without reading it will also protect you from most phishing e-mails.

HSBC will never send you an unsolicited e-mail containing a link to any of its logon pages. If you receive one, it will not be from the bank and should be deleted immediately.

Be alert to potential fraud

Be aware that there are fake websites designed to trick you and collect your personal information. Sometimes links to such websites are contained in e-mail messages purporting to come from financial institutions or other reputable organisations. Never follow a link contained in an e-mail – even if it appears to come from your bank.

Keep your passwords secure

Your HSBC Internet Banking password, together with your other internet banking credentials, permit access to your bank accounts. When creating passwords, remember the following things:

  • Keep them to yourself: No one at HSBC will ever ask you for your Internet Banking password
  • Make them hard to guess
  • Vary them: Try to use different passwords for different services
  • Change your passwords regularly
  • Never write them down

Be careful where you go online

Avoid using Internet Banking (or any other internet services that require passwords) at internet cafés, libraries or any other public sites to avoid the risk of information being copied and abused after you leave.

Always log off

Remember to log off from Internet Banking and close your browser when you have finished your online banking. This will clear all traces of your visit from the computer's memory.

Password-protect your computer

This will prevent other people from using it if it is left unattended or stolen.

Disable the 'AutoComplete' function within your browser

The 'AutoComplete' function on your computer stores information that you have previously entered, eg: addresses and passwords. Typically, the browser's own 'Help' function will tell you how to do disable the function.

Don't use administrator mode

It's a good idea not to use your computer in administrator mode because anyone who gains access to it will then have almost unlimited rights to see stored data or download software – including viruses. It's far better to make a user account and log in with that for day-to-day use.

Secure your wireless network

A wireless network allows you to connect your computer to the internet without having to use a cable. It typically contains a wireless router, which uses radio signals to transfer data to computers within the network. Wireless routers come preset to very insecure settings to help users connect to them for the first time – but this also means that other people could access your internet account quite easily. For this reason, you should always consult your manual or online guide to find out how to connect more securely through your wireless network – usually by creating a password.

Take care offline

  • Review your bank and credit card statements for any unusual transactions or withdrawals and notify the bank immediately if you suspect any discrepancies
  • Tell us of any changes in your personal details (eg address change)
  • Keep your paper records safe. Store your bank documents in a safe place. Always shred them when they are no longer required
  • If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it in two through the account number and the magnetic strip

How HSBC protects you online

  1. We ensure your online transactions are safe and secure. We use industry standard security technology and practices to safeguard your account from any unauthorised access.
  2. Using logons and passwords to make sure we're dealing with you. Online access to your account is only possible once you have authenticated yourself using the correct Internet Banking ID and security details.
  3. Creating secure online sessions. When you log in to Internet Banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// and a padlock symbol appears at the top of the page as part of the address bar.
  4. Using encryption. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. We use 128-bit SSL encryption, which is accepted as the industry standard.
  5. Using session timeouts. If you forget to log- off after banking online or your computer remains inactive for a period of time during a session, our systems automatically log you off.
  6. Having automatic lockouts. After a number of incorrect attempts to log in, we disable online access to your account. To re-activate your account, you should contact your usual help desk number.