What is phishing?

Phishing involves fraudsters using methods such as sending e-mails that requests the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PINs etc. Usually, these e-mails claim to come from a legitimate organisation such as a bank, or online retailer.

The e-mail will contain a link that takes you to a spoof website that looks identical (or very similar) to the organisation’s genuine site. The fraudster can then capture personal data like passwords as you type it in or download malware onto your computer.

How can you protect yourself against phishing?

Always make sure that you see your personalised image when you receive an e-mail from us; any message we send to you includes your anti-phishing image. Your personalised image is known only by us, so you can be sure that any message containing your image is legitimate. If you ever receive an e-mail without your image, do not open any attachments or click any links in the e-mail.

Reputable organisations do not send unsolicited e-mail messages asking their customers to update or verify their personal and security details.

If you are in doubt about the legitimacy of the e-mail, or if you think that you have been a victim of a phishing scam, you should contact the organisation in question immediately. You should, however, be careful to use the normal method you use to contact the organisation in question, rather than use any suggestions included in, or by responding to, the e-mail.

Related content

Secure e-mail and TLS

Security is one of our highest priorities, particularly when dealing with our customer, partner and client information.

SecureMail FAQ

Learn more about HSBC’s security policy on e-mails, Forced TLS and other information on SecureMail.

About SecureMail

Learn about SecureMail and the terms and conditions for SecureMail use.

Mail reader help

Learn how you can read SecureMail using popular e-mail applications.