Common fraud scams

Card skimming and cloning

Fraudsters copy the magnetic strip on your card, and use it to withdraw money or make purchases in countries and regions where chip technology hasn't been introduced.

How it can happen:

• if someone takes your card out of sight to use their card machine. For example if you pay by card at a restaurant and the waiter doesn't bring the machine to you.
  
• using an electronic device placed on a terminal or ATM.
  

Theft of passwords and other authentication details

Fraudsters copy your card details – such as the number and expiry date – and use them even though you still have it.

This can happen when you use your card in person and when you share the details online or by telephone.

Protect your PIN

Never tell anyone your PIN. Memorize it and don't write it down anywhere. If you forget it, you can ask your bank for a new one.

Make sure others can't see you enter your code.

Don't let others use your card

Sign the back of your card as soon as you get it and keep it in a safe place.

Never give your card to someone else, even a relative. If a third party uses your card without your knowledge using the PIN, you may still be liable.

Be careful when using your card

Never use a cash machine or ATM with any unusual devices attached, such as on the card slot or keypad. Report any suspicious devices to the bank.

Don't let anyone distract you when making a withdrawal or payment.

If your card is swallowed by a bank ATM, either get it back from the branch immediately or cancel your card.

Take care online

Check that the website is secure. You should see 'https' and a green padlock in the address bar.

Websites with the 3DSecure logo offer stronger authentication. You need to enter a single-use code, usually sent by SMS, to confirm the payment.

If you receive a code on your phone for a transaction you haven't made, contact your bank immediately to block your card.

Never reply to an e-mail asking you for your bank details, even if it seems to come from the bank or a company you know. It may be a phishing attempt.

Don't forget to:

Check your bank accounts regularly for any suspicious transactions.

Write down your card number and expiry date. Keep this information in a safe place in case you need to cancel your card.

Before going abroad, contact your bank to find out about card protection mechanisms. Be careful using your card in countries or regions that don't require you to enter your PIN.

If your card is lost or stolen, contact the credit card cancellation centre immediately.

Phishing emails

Fraudsters send you a link to a fake website so they can gather personal and confidential information to access your bank account.

It will look like your bank's website, the same logo, graphics and even words. You may be asked for details like your card number, PIN and online banking access codes.

Good to know: phishing scams can also use letters or telephone calls to get the confidential information they want.

Malware

Malware is malicious software that's installed on your computer without your knowledge.

It usually involves downloading a file or attachment from an email or fraudulent website. The software steals confidential information such as your log on, card or account details.

Malware includes any type of malicious software or virus, such as Trojan horses, worms, keyloggers, etc.

Ransomware

Like malware, ransomware is malicious software that's installed on your computer, tablet or smartphone without your knowledge.

It blocks access to your devices, or encrypts personal and important documents, then demands money to restore them.

You'll be redirected to a screen asking you to pay the fraudster for a decryption key or to avoid losing all your data. Depending on the device and system, the virus can spread through an entire network.

Pharming

The fraudster makes your computer access a fake website every time you enter a real website address on your browser. They then retrieve the information, such as passwords or payment details, that you would use on the real site.

Vishing
This is a phishing scam that's done by telephone.

• fraudsters use a voice server inviting you to call a number, often charged at a premium rate. This leads to an answering service designed to get you to reveal as much of your personal or confidential information as possible.
  
• fraudsters can also call you directly pretending to be bank employees. Usually, they mention a problem with your account or credit card. Then they'll ask for your bank details to stop a potential fraudulent payment.
  

Fraudsters use these details to access your accounts or shop online.

Investment scams

Fake investment scams are affecting more and more people, and the losses can be significant. They mostly happen online, but can also be done by telephone or even word of mouth.

When returns on traditional investments are low, it can be tempting to look for more profitable solutions. These scams take advantage of this perfectly sensible motivation to offer:

• promises of unrealistic returns
  
• fake investments in new sectors, such as wine, cryptocurrency, new technologies or even agricultural breeding with shares in cow herds
  
• fake financial advisers and identity thieves offering things like fake savings books or credit repurchases
  

Common fraudulent investments include:

• FOREX (Foreign exchange): currency exchange markets open 24/7,
  
• binary market: speculation on the evolution of a security over a very short period of time,
  
• savings products offering boosted rates.
  

This is sometimes called a 'Ponzi scheme'.

Each saver has to find new savers, and investments made by one person are paid out as returns to another.

When the fraudster can no longer get new payments or reimburse those who want to withdraw their funds, they disappear with the money.

Cheque scams on social media 

Fraudsters try to gain your trust on social media, such as Instagram©, Facebook© or Snapchat©.

They may claim they can't access their bank accounts, and offer to pay you to deposit cheques into your account for them.

• after handing over the cheques, they ask you to transfer the funds to them.
  
• the fraudster's cheques come back unpaid and the money transferred to their accounts is lost.
  

Warning: In addition to a financial loss, this type of fraud could involve you in a bigger fraud and lead to prosecution!

Emotional scams

Fraudsters try to gain your trust through dating sites or social media.

Then they say they have a personal or financial problem, and need you to send them money by bank transfer, a money transfer service or by loading a prepaid card.

They may also offer you a cheque to pay you back later, which will come back unpaid.

Mortgage fraud

You visit a comparison website, and afterwards a fraudster claiming to be from HSBC contacts you by email and/or telephone.

Then they try to gain your confidence in order to get your personal data.

To do this, they may confirm some of the loan details you entered, then offer you a limited or exclusive loan rate. Then they will either:

• ask you to post them confidential documents, like your national identity card, passport, salary slips, tax return or proof of address, so they can use your details,
  
• or ask you to transfer a deposit, an application fee or an initial payment.
  

The fraudster won't offer you an appointment in branch.

Good to know: If you use an HSBC loan calculator, we'll only call to confirm the information you provided and arrange a branch appointment.

You'll then get an email confirming your appointment and the documents you need to bring.

We'll only contact you from an email address ending hsbc.fr and will never ask you to transfer any processing fees or payments.

Cryptocurrencies

Cryptocurrencies like Bitcoin are getting more popular, so here are the latest warnings from the French Financial Markets Authority (AMF).

• cryptocurrencies are highly volatile and can drop in value suddenly. They offer no guarantees or protection for the capital invested.
  
• buying and selling cryptocurrencies is unregulated. They are not legally recognised as currency or a means of payment, so they are not protected by any related guarantees or legal frameworks.
  
  • cryptocurrencies are not secure. They are stored in electronic wallets which can be hacked, with no recourse against the hackers.
    

Be careful opening emails

Never use the link in an email to connect to a merchant site and make a payment. Always enter the merchant's website address manually.

Never reply to suspicious emails. Even if they appear to use HSBC's contact details or identity.

Never send personal information in reply to such a message. Tell your account manager or HSBC Customer Relations department as soon as possible. See Useful Contacts.

Protect your equipment

The security of your payments depends on the security of your computer, mobile phone, tablets and other devices.

• keep your operating system up-to-date
  
• install an up-to-date anti-virus and firewall
  
• only download programs and content from reliable sources
• don't make payments if you think there's a virus on your device
• help protect yourself against malware and fake sites with these free applications:
  

Trusteer Rapport - for My Online Banking and Elys PC customers

Webroot - for HSBCnet

• use a recognised internet service provider and follow their security advice
  

Don't make payments or enter personal details, unless the website address starts https and there's a closed padlock or key icon in the browser.

Don't tell anyone your login details.

Change your memorable questions regularly.

Don't lend anyone your digipass or Secure Key.

Regularly check your accounts online for fraudulent transactions and to see the last time you logged on.

Always select 'log out' to close online banking securely.

Beware of suspicious telephone calls

Never give out personal or confidential information like your bank or login details and passwords by telephone.

Check any business phone numbers are correct on their website.

Don't send confidential documents or information by post or email, or make money transfers.

Contact us in branch or by phone using a number from our website to confirm any offer you receive is really from HSBC France.

If in doubt, call us immediately on one of the numbers here.

Investments scams

How to spot them

Always be wary of overly attractive offers.

• is it too good to be true and is reserved for a few privileged people?
• is the adviser very insistent and not interested in your financial needs or situation?
• do they insist that the first payment is made quickly?

No evidence of fraud?

Before investing, always check:

• is the website reputable and well-known?
• is this advisor registered in the authorities' files?
• does the company appear on the AMF's list of fraudulent websites?

If someone contacts you claiming to be from a recognised financial institution, check the offer really exists. Visit a branch or call the telephone number on their website, not the one on the offer.

Beware of fake websites

Fraudsters could give you a link to a website that gives a fake history of the portfolio and its performance, as well as false testimonials and comments.

See the AMF's (Autorité des Marchés Financiers) guide to avoiding fraud

You can find their recommendations here.

The 'fake boss' scam

The fraudster poses as a manager on a phone call, fax or e-mail and asks the employee to make a payment to an account which is often held overseas.

Fake payment updates

The fraudster uses a company or individual's account details to update the payment details of a landlord, supplier or another creditor, so the fraudster gets the money.

They send the new instructions by email, copying the style of the actual creditor.

Again, the 'new' bank details often relate to overseas accounts.

IT fraud

The fraudster pretends to be a technician at the company and asks the employee to make a 'test transfer'.

They may also ask them to install software that lets them access security information or the entire computer system.

This type of fraud has become more common since the introduction of SEPA payments.

The 'tests' are in fact real transfers to foreign accounts.

Personal

Check any requests to change existing payment details (from your landlord for example), especially if they are abroad.

Contact the beneficiary using your current contact details - not the ones on the request - to make sure the request is genuine.

Businesses

Always follow your internal procedures for making transfers

Make sure employees are aware of potential fraud risks

Watch out for corporate scams

Control who has access to the company's banking details

Conduct regular audits to identify unusual payments

Ensure you have secure internet access for payments

Install anti-malware software on all devices on your network

Contact the bank and the police if you spot either fraud or attempted fraud

Good to know: Scam techniques change all the time, so keep your operating systems and fraud protection up to date.

Theft

The thief steals your cheque book from your luggage, clothing, car or post. They may even try to get it directly from your bank branch.

They use it to write cheques on your account.

False cheques

If a fraudster gets your cheque or chequebook, they can:

• use a blank cheque to forge your signature.
• alter a cheque to change the amount or beneficiary.

Stealing bank details

Fraudsters can use your bank details to buy themselves goods or services, such as a telephone subscription, without the required checks.
 

SEPA payments

Fraudsters set up a direct debit for a third party without your approval, then transfer the money to a foreign account.

Keep them safe

Write down and keep the first and last cheque numbers when get a new cheque book.

Try to use one cheque book at a time and always keep it in a safe place.

Have your cheque books delivered by registered mail or pick them up at your branch.

Never sign blank cheques in advance.

In the event of loss, theft or fraudulent use, contact your branch or call our National Lost or Stolen Cheque Call Centre immediately, 24/7.

Write cheques carefully

Use a black ballpoint pen to help prevent tampering.

Don't erase or write over mistakes.

Don't leave spaces in front of the sums in figures and letters. Draw a horizontal line to prevent extra figures or letters being added.

Never change the information on a cheque.

Review cheques completed by a machine, and only sign when certain the information is correct.

Never write blank cheques: you can't control who will cash it or for how much.

Check your receipts

Confirm the identity of anyone who gives you a cheque.

Check the printed information as well as the handwritten sum, date and signature. Look for signs of alteration, like different ink colours or handwriting, stains and traces of scratching or erasure.

If there's no beneficiary, complete it with your name and sign on the back immediately.

Beware of cheques for a higher sum than needed, especially if asked to pay the difference. The cheque could come back unpaid.

Never agree to deposit a cheque for another payee into your account.

Take care with banker's cheques

Keep your bank account information secure.

Check your account statements for unexpected payments.

If you see a payment you don't recognise, raise it immediately with your bank.