What is phishing?

Phishing is when a criminal sends you an email that tries to entice you sharing your passwords and bank details by clicking into the embedded links, QR code or file attachment which will result in malware implanted to your device. The email will claim that it is from a legitimate organisation like a bank, online payment service or online retailer. It often looks very similar to an actual email sent by those companies, and it will contain a link or QR code that takes you to a website that also looks very similar to the organisation's genuine site.

Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, PIN or security code. The phishing site records everything you enter, and then uses your information to transfer out your money.

To spot a phishing email, ask yourself the following questions:

• Does it request personal information, such as a credit card number or account password?
• Were you expecting this message?
• Does it have an attachment?
• Does it ask you to do something unusual, like transfer money to an unknown source, or email your account details to someone?
• Does the sender’s email address or phone number match the name of the company that it claims to be from?
• Is your email address or phone number different from the one that you give to that company?
• Was it sent or cc’d to more than just you?

• Don't show the padlock symbol in the address bar when you log on
• Are poorly designed, with typos or bad spelling and grammar
• Have a different look and feel than the company’s regular website

Does an email look suspicious to you or is there something that just doesn't feel right about it? Trust your instincts and don't reply to it, click on any links or open any attachments in it. If you receive an email/SMS from HSBC requesting your personal information, report it by sending an email to phishing@hsbc.com immediately.