Protect yourself and others
Find out how you can help protect yourself against the most frequent scams.
This guide explains how they work, what to look out for, and what you can do about them.
Bank cards
Card payments are getting safer all the time, but it still pays to take a few precautions to help prevent fraud:
Card skimming and cloning
Fraudsters copy the magnetic strip on your card, and use it to withdraw money or make purchases in countries where chip technology hasn't been introduced.
How it can happen:
- if someone takes your card out of sight to use their card machine. For example if you pay by card at a restaurant and the waiter doesn't bring the machine to you.
- using an electronic device placed on a terminal or ATM.
Theft of passwords and other authentication details
Fraudsters copy your card details – such as the number and expiry date – and use them even though you still have it.
This can happen when you use your card in person and when you share the details online or by telephone.
Protect your PIN
Never tell anyone your PIN. Memorize it and don't write it down anywhere. If you forget it, you can ask your bank for a new one.
Make sure others can't see you enter your code.
Don't let others use your card
Sign the back of your card as soon as you get it and keep it in a safe place.
Never give your card to someone else, even a relative. If a third party uses your card without your knowledge using the PIN, you may still be liable.
Be careful when using your card
Never use a cash machine or ATM with any unusual devices attached, such as on the card slot or keypad. Report any suspicious devices to the bank.
Don't let anyone distract you when making a withdrawal or payment.
If your card is swallowed by a bank ATM, either get it back from the branch immediately or cancel your card.
Take care online
Check that the website is secure. You should see 'https' and a green padlock in the address bar.
Websites with the 3DSecure logo offer stronger authentication. You need to enter a single-use code, usually sent by SMS, to confirm the payment.
If you receive a code on your phone for a transaction you haven't made, contact your bank immediately to block your card.
Never reply to an e-mail asking you for your bank details, even if it seems to come from the bank or a company you know. It may be a phishing attempt.
Don't forget to:
Check your bank accounts regularly for any suspicious transactions.
Write down your card number and expiry date. Keep this information in a safe place in case you need to cancel your card.
Before going abroad, contact your bank to find out about card protection mechanisms. Be careful using your card in countries that don't require you to enter your PIN.
If your card is lost or stolen, contact the credit card cancellation centre immediately.
Common scams
Card skimming and cloning
Fraudsters copy the magnetic strip on your card, and use it to withdraw money or make purchases in countries where chip technology hasn't been introduced.
How it can happen:
- if someone takes your card out of sight to use their card machine. For example if you pay by card at a restaurant and the waiter doesn't bring the machine to you.
- using an electronic device placed on a terminal or ATM.
Theft of passwords and other authentication details
Fraudsters copy your card details – such as the number and expiry date – and use them even though you still have it.
This can happen when you use your card in person and when you share the details online or by telephone.
Good habits
Protect your PIN
Never tell anyone your PIN. Memorize it and don't write it down anywhere. If you forget it, you can ask your bank for a new one.
Make sure others can't see you enter your code.
Don't let others use your card
Sign the back of your card as soon as you get it and keep it in a safe place.
Never give your card to someone else, even a relative. If a third party uses your card without your knowledge using the PIN, you may still be liable.
Be careful when using your card
Never use a cash machine or ATM with any unusual devices attached, such as on the card slot or keypad. Report any suspicious devices to the bank.
Don't let anyone distract you when making a withdrawal or payment.
If your card is swallowed by a bank ATM, either get it back from the branch immediately or cancel your card.
Take care online
Check that the website is secure. You should see 'https' and a green padlock in the address bar.
Websites with the 3DSecure logo offer stronger authentication. You need to enter a single-use code, usually sent by SMS, to confirm the payment.
If you receive a code on your phone for a transaction you haven't made, contact your bank immediately to block your card.
Never reply to an e-mail asking you for your bank details, even if it seems to come from the bank or a company you know. It may be a phishing attempt.
Don't forget to:
Check your bank accounts regularly for any suspicious transactions.
Write down your card number and expiry date. Keep this information in a safe place in case you need to cancel your card.
Before going abroad, contact your bank to find out about card protection mechanisms. Be careful using your card in countries that don't require you to enter your PIN.
If your card is lost or stolen, contact the credit card cancellation centre immediately.
Online banking
Fraudsters are increasingly targeting online banking customers. To protect you, we've introduced a number of new anti-fraud measures.
Phishing emails
Fraudsters send you a link to a fake website so they can gather personal and confidential information to access your bank account.
It will look like your bank's website, the same logo, graphics and even words. You may be asked for details like your card number, PIN and online banking access codes.
Good to know: phishing scams can also use letters or telephone calls to get the confidential information they want.
Malware
Malware is malicious software that's installed on your computer without your knowledge.
It usually involves downloading a file or attachment from an email or fraudulent website. The software steals confidential information such as your log on, card or account details.
Malware includes any type of malicious software or virus, such as Trojan horses, worms, keyloggers, etc.
Ransomware
Like malware, ransomware is malicious software that's installed on your computer, tablet or smartphone without your knowledge.
It blocks access to your devices, or encrypts personal and important documents, then demands money to restore them.
You'll be redirected to a screen asking you to pay the fraudster for a decryption key or to avoid losing all your data. Depending on the device and system, the virus can spread through an entire network.
Pharming
The fraudster makes your computer access a fake website every time you enter a real website address on your browser. They then retrieve the information, such as passwords or payment details, that you would use on the real site.
Vishing
This is a phishing scam that's done by telephone.
- fraudsters use a voice server inviting you to call a number, often charged at a premium rate. This leads to an answering service designed to get you to reveal as much of your personal or confidential information as possible.
- fraudsters can also call you directly pretending to be bank employees. Usually, they mention a problem with your account or credit card. Then they'll ask for your bank details to stop a potential fraudulent payment.
Fraudsters use these details to access your accounts or shop online.
Investment scams
Fake investment scams are affecting more and more people, and the losses can be significant. They mostly happen online, but can also be done by telephone or even word of mouth.
When returns on traditional investments are low, it can be tempting to look for more profitable solutions. These scams take advantage of this perfectly sensible motivation to offer:
- promises of unrealistic returns
- fake investments in new sectors, such as wine, cryptocurrency, new technologies or even agricultural breeding with shares in cow herds
- fake financial advisers and identity thieves offering things like fake savings books or credit repurchases
Common fraudulent investments include:
- FOREX (Foreign exchange): currency exchange markets open 24/7,
- binary market: speculation on the evolution of a security over a very short period of time,
- savings products offering boosted rates.
This is sometimes called a 'Ponzi scheme'.
Each saver has to find new savers, and investments made by one person are paid out as returns to another.
When the fraudster can no longer get new payments or reimburse those who want to withdraw their funds, they disappear with the money.
Cheque scams on social media
Fraudsters try to gain your trust on social media, such as Instagram©, Facebook© or Snapchat©.
They may claim they can't access their bank accounts, and offer to pay you to deposit cheques into your account for them.
- after handing over the cheques, they ask you to transfer the funds to them.
- the fraudster's cheques come back unpaid and the money transferred to their accounts is lost.
Warning: In addition to a financial loss, this type of fraud could involve you in a bigger fraud and lead to prosecution!
Emotional scams
Fraudsters try to gain your trust through dating sites or social media.
Then they say they have a personal or financial problem, and need you to send them money by bank transfer, a money transfer service or by loading a prepaid card.
They may also offer you a cheque to pay you back later, which will come back unpaid.
Mortgage fraud
You visit a comparison website, and afterwards a fraudster claiming to be from HSBC contacts you by email and/or telephone.
Then they try to gain your confidence in order to get your personal data.
To do this, they may confirm some of the loan details you entered, then offer you a limited or exclusive loan rate. Then they will either:
- ask you to post them confidential documents, like your national identity card, passport, salary slips, tax return or proof of address, so they can use your details,
- or ask you to transfer a deposit, an application fee or an initial payment.
The fraudster won't offer you an appointment in branch.
Good to know: If you use an HSBC loan calculator, we'll only call to confirm the information you provided and arrange a branch appointment.
You'll then get an email confirming your appointment and the documents you need to bring.
We'll only contact you from an email address ending hsbc.fr and will never ask you to transfer any processing fees or payments.
Cryptocurrencies
Cryptocurrencies like Bitcoin are getting more popular, so here are the latest warnings from the French Financial Markets Authority (AMF).
- cryptocurrencies are highly volatile and can drop in value suddenly. They offer no guarantees or protection for the capital invested.
- buying and selling cryptocurrencies is unregulated. They are not legally recognised as currency or a means of payment, so they are not protected by any related guarantees or legal frameworks.
- cryptocurrencies are not secure. They are stored in electronic wallets which can be hacked, with no recourse against the hackers.
- cryptocurrencies are not secure. They are stored in electronic wallets which can be hacked, with no recourse against the hackers.
Be careful opening emails
Never use the link in an email to connect to a merchant site and make a payment. Always enter the merchant's website address manually.
Never reply to suspicious emails. Even if they appear to use HSBC's contact details or identity.
Never send personal information in reply to such a message. Tell your account manager or HSBC Customer Relations department as soon as possible. See Useful Contacts.
Protect your equipment
The security of your payments depends on the security of your computer, mobile phone, tablets and other devices.
- keep your operating system up-to-date
- install an up-to-date anti-virus and firewall
- only download programs and content from reliable sources
- don't make payments if you think there's a virus on your device
- help protect yourself against malware and fake sites with these free applications:
Trusteer Rapport - for My Online Banking and Elys PC customers
Webroot - for HSBCnet
- use a recognised internet service provider and follow their security advice
| Bank online securely |
|
Don't make payments or enter personal details, unless the website address starts https and there's a closed padlock or key icon in the browser.
Don't tell anyone your login details.
Change your memorable questions regularly.
Don't lend anyone your digipass or Secure Key.
Regularly check your accounts online for fraudulent transactions and to see the last time you logged on.
Always select 'log out' to close online banking securely.
Beware of suspicious telephone calls
Never give out personal or confidential information like your bank or login details and passwords by telephone.
Check any business phone numbers are correct on their website.
Don't send confidential documents or information by post or email, or make money transfers.
Contact us in branch or by phone using a number from our website to confirm any offer you receive is really from HSBC France.
If in doubt, call us immediately on one of the numbers here.
Investments scams
How to spot them
Always be wary of overly attractive offers.
- is it too good to be true and is reserved for a few privileged people?
- is the adviser very insistent and not interested in your financial needs or situation?
- do they insist that the first payment is made quickly?
No evidence of fraud?
Before investing, always check:
- is the website reputable and well-known?
- is this advisor registered in the authorities' files?
- does the company appear on the AMF's list of fraudulent websites?
If someone contacts you claiming to be from a recognised financial institution, check the offer really exists. Visit a branch or call the telephone number on their website, not the one on the offer.
Beware of fake websites
Fraudsters could give you a link to a website that gives a fake history of the portfolio and its performance, as well as false testimonials and comments.
See the AMF's (Autorité des Marchés Financiers) guide to avoiding fraud
You can find their recommendations here.
Common scams
Phishing emails
Fraudsters send you a link to a fake website so they can gather personal and confidential information to access your bank account.
It will look like your bank's website, the same logo, graphics and even words. You may be asked for details like your card number, PIN and online banking access codes.
Good to know: phishing scams can also use letters or telephone calls to get the confidential information they want.
Malware
Malware is malicious software that's installed on your computer without your knowledge.
It usually involves downloading a file or attachment from an email or fraudulent website. The software steals confidential information such as your log on, card or account details.
Malware includes any type of malicious software or virus, such as Trojan horses, worms, keyloggers, etc.
Ransomware
Like malware, ransomware is malicious software that's installed on your computer, tablet or smartphone without your knowledge.
It blocks access to your devices, or encrypts personal and important documents, then demands money to restore them.
You'll be redirected to a screen asking you to pay the fraudster for a decryption key or to avoid losing all your data. Depending on the device and system, the virus can spread through an entire network.
Pharming
The fraudster makes your computer access a fake website every time you enter a real website address on your browser. They then retrieve the information, such as passwords or payment details, that you would use on the real site.
Vishing
This is a phishing scam that's done by telephone.
- fraudsters use a voice server inviting you to call a number, often charged at a premium rate. This leads to an answering service designed to get you to reveal as much of your personal or confidential information as possible.
- fraudsters can also call you directly pretending to be bank employees. Usually, they mention a problem with your account or credit card. Then they'll ask for your bank details to stop a potential fraudulent payment.
Fraudsters use these details to access your accounts or shop online.
Investment scams
Fake investment scams are affecting more and more people, and the losses can be significant. They mostly happen online, but can also be done by telephone or even word of mouth.
When returns on traditional investments are low, it can be tempting to look for more profitable solutions. These scams take advantage of this perfectly sensible motivation to offer:
- promises of unrealistic returns
- fake investments in new sectors, such as wine, cryptocurrency, new technologies or even agricultural breeding with shares in cow herds
- fake financial advisers and identity thieves offering things like fake savings books or credit repurchases
Common fraudulent investments include:
- FOREX (Foreign exchange): currency exchange markets open 24/7,
- binary market: speculation on the evolution of a security over a very short period of time,
- savings products offering boosted rates.
This is sometimes called a 'Ponzi scheme'.
Each saver has to find new savers, and investments made by one person are paid out as returns to another.
When the fraudster can no longer get new payments or reimburse those who want to withdraw their funds, they disappear with the money.
Cheque scams on social media
Fraudsters try to gain your trust on social media, such as Instagram©, Facebook© or Snapchat©.
They may claim they can't access their bank accounts, and offer to pay you to deposit cheques into your account for them.
- after handing over the cheques, they ask you to transfer the funds to them.
- the fraudster's cheques come back unpaid and the money transferred to their accounts is lost.
Warning: In addition to a financial loss, this type of fraud could involve you in a bigger fraud and lead to prosecution!
Emotional scams
Fraudsters try to gain your trust through dating sites or social media.
Then they say they have a personal or financial problem, and need you to send them money by bank transfer, a money transfer service or by loading a prepaid card.
They may also offer you a cheque to pay you back later, which will come back unpaid.
Mortgage fraud
You visit a comparison website, and afterwards a fraudster claiming to be from HSBC contacts you by email and/or telephone.
Then they try to gain your confidence in order to get your personal data.
To do this, they may confirm some of the loan details you entered, then offer you a limited or exclusive loan rate. Then they will either:
- ask you to post them confidential documents, like your national identity card, passport, salary slips, tax return or proof of address, so they can use your details,
- or ask you to transfer a deposit, an application fee or an initial payment.
The fraudster won't offer you an appointment in branch.
Good to know: If you use an HSBC loan calculator, we'll only call to confirm the information you provided and arrange a branch appointment.
You'll then get an email confirming your appointment and the documents you need to bring.
We'll only contact you from an email address ending hsbc.fr and will never ask you to transfer any processing fees or payments.
Cryptocurrencies
Cryptocurrencies like Bitcoin are getting more popular, so here are the latest warnings from the French Financial Markets Authority (AMF).
- cryptocurrencies are highly volatile and can drop in value suddenly. They offer no guarantees or protection for the capital invested.
- buying and selling cryptocurrencies is unregulated. They are not legally recognised as currency or a means of payment, so they are not protected by any related guarantees or legal frameworks.
- cryptocurrencies are not secure. They are stored in electronic wallets which can be hacked, with no recourse against the hackers.
- cryptocurrencies are not secure. They are stored in electronic wallets which can be hacked, with no recourse against the hackers.
Good habits
Be careful opening emails
Never use the link in an email to connect to a merchant site and make a payment. Always enter the merchant's website address manually.
Never reply to suspicious emails. Even if they appear to use HSBC's contact details or identity.
Never send personal information in reply to such a message. Tell your account manager or HSBC Customer Relations department as soon as possible. See Useful Contacts.
Protect your equipment
The security of your payments depends on the security of your computer, mobile phone, tablets and other devices.
- keep your operating system up-to-date
- install an up-to-date anti-virus and firewall
- only download programs and content from reliable sources
- don't make payments if you think there's a virus on your device
- help protect yourself against malware and fake sites with these free applications:
Trusteer Rapport - for My Online Banking and Elys PC customers
Webroot - for HSBCnet
- use a recognised internet service provider and follow their security advice
| Bank online securely |
|
Don't make payments or enter personal details, unless the website address starts https and there's a closed padlock or key icon in the browser.
Don't tell anyone your login details.
Change your memorable questions regularly.
Don't lend anyone your digipass or Secure Key.
Regularly check your accounts online for fraudulent transactions and to see the last time you logged on.
Always select 'log out' to close online banking securely.
Beware of suspicious telephone calls
Never give out personal or confidential information like your bank or login details and passwords by telephone.
Check any business phone numbers are correct on their website.
Don't send confidential documents or information by post or email, or make money transfers.
Contact us in branch or by phone using a number from our website to confirm any offer you receive is really from HSBC France.
If in doubt, call us immediately on one of the numbers here.
Investments scams
How to spot them
Always be wary of overly attractive offers.
- is it too good to be true and is reserved for a few privileged people?
- is the adviser very insistent and not interested in your financial needs or situation?
- do they insist that the first payment is made quickly?
No evidence of fraud?
Before investing, always check:
- is the website reputable and well-known?
- is this advisor registered in the authorities' files?
- does the company appear on the AMF's list of fraudulent websites?
If someone contacts you claiming to be from a recognised financial institution, check the offer really exists. Visit a branch or call the telephone number on their website, not the one on the offer.
Beware of fake websites
Fraudsters could give you a link to a website that gives a fake history of the portfolio and its performance, as well as false testimonials and comments.
See the AMF's (Autorité des Marchés Financiers) guide to avoiding fraud
You can find their recommendations here.
Bank tranfers
Fraudsters contact either private individuals or businesses to try to trick them into sending money.
The 'fake boss' scam
The fraudster poses as a manager on a phone call, fax or e-mail and asks the employee to make a payment to an account which is often held overseas.
Fake payment updates
The fraudster uses a company or individual's account details to update the payment details of a landlord, supplier or another creditor, so the fraudster gets the money.
They send the new instructions by email, copying the style of the actual creditor.
Again, the 'new' bank details often relate to overseas accounts.
IT fraud
The fraudster pretends to be a technician at the company and asks the employee to make a 'test transfer'.
They may also ask them to install software that lets them access security information or the entire computer system.
This type of fraud has become more common since the introduction of SEPA payments.
The 'tests' are in fact real transfers to foreign accounts.
Personal
Check any requests to change existing payment details (from your landlord for example), especially if they are abroad.
Contact the beneficiary using your current contact details - not the ones on the request - to make sure the request is genuine.
Businesses
Always follow your internal procedures for making transfers
Make sure employees are aware of potential fraud risks
Watch out for corporate scams
Control who has access to the company's banking details
Conduct regular audits to identify unusual payments
Ensure you have secure internet access for payments
Install anti-malware software on all devices on your network
Contact the bank and the police if you spot either fraud or attempted fraud
Good to know: Scam techniques change all the time, so keep your operating systems and fraud protection up to date.
Common scams
The 'fake boss' scam
The fraudster poses as a manager on a phone call, fax or e-mail and asks the employee to make a payment to an account which is often held overseas.
Fake payment updates
The fraudster uses a company or individual's account details to update the payment details of a landlord, supplier or another creditor, so the fraudster gets the money.
They send the new instructions by email, copying the style of the actual creditor.
Again, the 'new' bank details often relate to overseas accounts.
IT fraud
The fraudster pretends to be a technician at the company and asks the employee to make a 'test transfer'.
They may also ask them to install software that lets them access security information or the entire computer system.
This type of fraud has become more common since the introduction of SEPA payments.
The 'tests' are in fact real transfers to foreign accounts.
Good habits
Personal
Check any requests to change existing payment details (from your landlord for example), especially if they are abroad.
Contact the beneficiary using your current contact details - not the ones on the request - to make sure the request is genuine.
Businesses
Always follow your internal procedures for making transfers
Make sure employees are aware of potential fraud risks
Watch out for corporate scams
Control who has access to the company's banking details
Conduct regular audits to identify unusual payments
Ensure you have secure internet access for payments
Install anti-malware software on all devices on your network
Contact the bank and the police if you spot either fraud or attempted fraud
Good to know: Scam techniques change all the time, so keep your operating systems and fraud protection up to date.
Other means of payment
Fraudsters are less likely to target these payment methods, but you should still take precautions.
Cheques
Theft
The thief steals your cheque book from your luggage, clothing, car or post. They may even try to get it directly from your bank branch.
They use it to write cheques on your account.
False cheques
If a fraudster gets your cheque or chequebook, they can:
- use a blank cheque to forge your signature.
- alter a cheque to change the amount or beneficiary.
Direct debits
Stealing bank details
Fraudsters can use your bank details to buy themselves goods or services, such as a telephone subscription, without the required checks.
SEPA payments
Fraudsters set up a direct debit for a third party without your approval, then transfer the money to a foreign account.
Cheques
Keep them safe
Write down and keep the first and last cheque numbers when get a new cheque book.
Try to use one cheque book at a time and always keep it in a safe place.
Have your cheque books delivered by registered mail or pick them up at your branch.
Never sign blank cheques in advance.
In the event of loss, theft or fraudulent use, contact your branch or call our National Lost or Stolen Cheque Call Centre immediately, 24/7.
Write cheques carefully
Use a black ballpoint pen to help prevent tampering.
Don't erase or write over mistakes.
Don't leave spaces in front of the sums in figures and letters. Draw a horizontal line to prevent extra figures or letters being added.
Never change the information on a cheque.
Review cheques completed by a machine, and only sign when certain the information is correct.
Never write blank cheques: you can't control who will cash it or for how much.
Check your receipts
Confirm the identity of anyone who gives you a cheque.
Check the printed information as well as the handwritten sum, date and signature. Look for signs of alteration, like different ink colours or handwriting, stains and traces of scratching or erasure.
If there's no beneficiary, complete it with your name and sign on the back immediately.
Beware of cheques for a higher sum than needed, especially if asked to pay the difference. The cheque could come back unpaid.
Never agree to deposit a cheque for another payee into your account.
Take care with banker's cheques
Make sure it carries a security watermark saying 'CHEQUE DE BANQUE'. It's bordered by two striped flames top and bottom, and two figures sowing seeds on either side. Ensure the cheque is valid by taking the buyer to to the bank to pay it in with you. If this isn't possible, call the bank to confirm its authenticity. Avoid making sales on public holidays or Sundays so you can reach the bank. |
Direct debits
Keep your bank account information secure.
Check your account statements for unexpected payments.
If you see a payment you don't recognise, raise it immediately with your bank.
Common scams
Cheques
Theft
The thief steals your cheque book from your luggage, clothing, car or post. They may even try to get it directly from your bank branch.
They use it to write cheques on your account.
False cheques
If a fraudster gets your cheque or chequebook, they can:
- use a blank cheque to forge your signature.
- alter a cheque to change the amount or beneficiary.
Direct debits
Stealing bank details
Fraudsters can use your bank details to buy themselves goods or services, such as a telephone subscription, without the required checks.
SEPA payments
Fraudsters set up a direct debit for a third party without your approval, then transfer the money to a foreign account.
Good habits
Cheques
Keep them safe
Write down and keep the first and last cheque numbers when get a new cheque book.
Try to use one cheque book at a time and always keep it in a safe place.
Have your cheque books delivered by registered mail or pick them up at your branch.
Never sign blank cheques in advance.
In the event of loss, theft or fraudulent use, contact your branch or call our National Lost or Stolen Cheque Call Centre immediately, 24/7.
Write cheques carefully
Use a black ballpoint pen to help prevent tampering.
Don't erase or write over mistakes.
Don't leave spaces in front of the sums in figures and letters. Draw a horizontal line to prevent extra figures or letters being added.
Never change the information on a cheque.
Review cheques completed by a machine, and only sign when certain the information is correct.
Never write blank cheques: you can't control who will cash it or for how much.
Check your receipts
Confirm the identity of anyone who gives you a cheque.
Check the printed information as well as the handwritten sum, date and signature. Look for signs of alteration, like different ink colours or handwriting, stains and traces of scratching or erasure.
If there's no beneficiary, complete it with your name and sign on the back immediately.
Beware of cheques for a higher sum than needed, especially if asked to pay the difference. The cheque could come back unpaid.
Never agree to deposit a cheque for another payee into your account.
Take care with banker's cheques
Make sure it carries a security watermark saying 'CHEQUE DE BANQUE'. It's bordered by two striped flames top and bottom, and two figures sowing seeds on either side. Ensure the cheque is valid by taking the buyer to to the bank to pay it in with you. If this isn't possible, call the bank to confirm its authenticity. Avoid making sales on public holidays or Sundays so you can reach the bank. |
Direct debits
Keep your bank account information secure.
Check your account statements for unexpected payments.
If you see a payment you don't recognise, raise it immediately with your bank.