What is phishing?

Phishing is an online scam where criminals send fake emails to steal your personal information, like passwords or bank details.

These emails often look like they’re from trusted organisations, such as banks or online retailers, and may include links, QR codes or attachments. Clicking on them can lead to fake websites or install malware on your device.

On the fake site, you’ll be asked to enter sensitive details like your account number or PIN. Scammers can then use this information to access your accounts and steal your money.

Questions to ask about emails

Signs of a fake website

Protect yourself with HSBC Secure Logon

Phishing emails and fake websites are designed to trick you into sharing personal information. Here’s how to identify them:

• Does it ask for personal information, like your credit card number or account password?
• Were you expecting this message?
• Does it include an attachment?
• Is it asking you to do something unusual, like transferring money to an unknown account/person or emailing your account details?
• Does the sender’s email address or phone number match the company it claims to be from?
• Is your email address or phone number different from the one you’ve shared with the company?
• Was this email sent to a group or just to you?

• No padlock symbol in the address bar
• Poor design with typos, bad grammar, or spelling errors
• Looks and feels different from the company’s official website

• Using a dynamic QR code that’s created specifically for your logon session and expires quickly
• Matching a unique 6-digit number displayed on both your desktop/mobile browser and the HSBC Malaysia Mobile Banking app
• Verifying the three-browser log on information - 'Browser', 'Location', and 'Date/ time' before logging on to HSBC Online Banking
  
  Do not proceed if any of the above checks fail, as this may indicate a fraudulent website or unauthorised access attempt.

Learn more about HSBC Secure Logon