10 ways to stay safe online
Here's our top tips to help keep you and your business safe when banking online.
It's a good idea to be wary of any requests (via email, phone or otherwise) to change beneficiary banking details or send a payment to a new beneficiary. The request may be an attempt to divert funds to a fraudulent account.
Fraudulent requests may be disguised as originating from a supplier and ask that you change the supplier’s bank account information.
As a precaution, always take the extra step of checking directly with your supplier through an alternative communication method outside of the email environment, such as a phone call to a trusted source in their company, to confirm that the change request is genuine.
In some cases, the fraudulent request to change supplier information or make a payment to an unfamiliar account supposedly comes from your organisation’s CEO, President or other administrator.
When reviewing any type of payment instructions from an internal source, ensure the request uses your organisation’s official channels and follows authorised processes and procedures.
Staying informed about online security risks enables you to stay vigilant against fraud and helps keep you protected.
Vigilance is vital to detecting and preventing internet banking fraud. With online fraud becoming more sophisticated, it is important to stay informed on what fraud looks like and how you can protect your organisation from fraudulent activity.
How do I know that a fraud or phishing attempt is underway?
The following types of experiences should be taken seriously and reported to your local HSBCnet support team immediately:
- When logging in to HSBCnet, you are presented with a message saying that HSBCnet is unavailable AFTER you have entered your username and security credentials. Alternately, the error message might give a set time that HSBCnet will return, e.g. 15 minutes
- You are presented with a security check/verification screen that requires you to wait
- You are prompted repeatedly to re-enter your username, password or security code
- You see any screens that you think are unusual or are missing information
Tips for secure use of HSBCnet:
- Always access HSBCnet by keying in the website address in the address bar of your browser, or bookmark the website and use that function to access HSBCnet. You should not enter your user name, password and/or security code if you find the website suspicious in any way
- If unexpected screens pop up and/or your computer's response is unusually slow, this could be a sign that a fraudulent attack is underway. If you experience either of these events, we recommend that you contact your local HSBCnet Support Centre immediately
- The yellow button on your Security Device should only be used to authenticate transactions. We will never ask you to use the yellow button when you log on to HSBCnet (unless you are activating your Security Device for the first time), or ask you to undertake actions using your Security Device over the phone
- Review transaction records regularly using the Account Information service and report any suspicious transactions to your local HSBCnet Support Centre or HSBC representative
Phishing emails encourage individuals to divulge personal information such as banking security credentials or request that you click “download” links which could leave you vulnerable to malware. Learn how to protect your accounts.
Fraudsters might send you an email that looks like it comes from us and it might contain a link to a website that looks like this one. When you try to log on, they can steal your password. They could also ask you to make a phone call or reply by email.
Criminals are good at making their emails and websites look realistic. But you can often spot the fake ones:
- Strange looking email or web addresses
- Poor design, typos or bad spelling
- They ask you to do something unusual
- A site doesn't display the padlock symbol in the address bar when you log in
When opening an email, please remember:
- HSBC will not display your personal information in emails or ask you to provide any personal information including your username, password and/or security code by email
- If in doubt, stop. Don't click on any links. Don't open any attachments. Just forward the email to hsbcnet.phishing@hsbc.com
- Never access internet banking through hyperlinks embedded in emails or other potentially untrustworthy sources
“Social Engineering” describes the tactics used by fraudsters to manipulate people into divulging confidential information and/or performing actions online that put them at risk. Being vigilant against this type of fraud helps keep you protected.
What "Social Engineering" might look like
Fraudsters may contact you pretending to be from an institution you deal with (such as HSBC), an organisation of authority, a vendor/supplier, or even an individual within your company. They could direct you to perform actions that will allow them to send unauthorised payments from your account. This can include providing numbers displayed on your Security Device or pushing the yellow button.
- HSBC will never request information that could be used to make a payment (such as account numbers, passwords, security device details other than the serial number on the back, etc)
- Under no circumstances will HSBC ever ask you to ask you to divulge any of your security details over the phone, by text message or via email
If you are ever doubtful about your HSBCnet activities or the authenticity of incoming telephone calls purporting to be from HSBC, please call your local HSBCnet Support Centre or your HSBCnet Representative for further verification.
To maintain the safest possible security, you should ensure you are the only individual signing on to HSBCnet using your username and security device.
Please do not share your username, security device or password with anyone, including your colleagues.
Sharing your username and device puts you at risk since you are responsible for any activity completed under your user profile.
Allowing someone else to use your username and your security device can also result in locked passwords and lost devices, causing added delays.
If you are a System Administrator and allow users to share usernames and devices, your system audit trail will be inaccurate.
Need more security devices? Please contact your local HSBCnet Support Centre and they will be happy to assist with placing new orders.
You can rest assured that HSBCnet is a secure channel that is rigorously monitored to protect our customers. You can help us keep fraud out of business by being cautious when conducting transactions online and protecting yourself with the latest anti-virus software.
Anti-virus software protects you, your privacy and your money. You need to install anti-virus software if you don't have any already.
Viruses steal personal information, take over your PC, pop up unwanted adverts and they can even use your computer to attack other people's computers.
You may also hear them called malware, trojans, spyware or adware. Anti-virus software protects you against all of them.
Anti-virus software protects you, your privacy and your money.
To work properly, anti-virus software requires that you download updates on a regular basis. Out-of-date anti-virus software will have flaws that could leave you vulnerable to fraud.
When downloading any anti-virus software, make sure you are accessing the download from a genuine site. There are many fake products claiming to protect your computer but which may actually infect it with viruses.
It is harder for viruses to infect updated software.
Criminals who create viruses take advantage of weaknesses in software to infect computers. Software companies fix weaknesses with free downloadable updates. It is a good idea that you install updates for your software as soon as they become available.
Tips for updating your software:
- Software updates are particularly important for your security software such as firewall, anti-virus, and/or malware protection
- Make sure all of your programs are up to date, including web browsers and applications you use on mobile devices
- Most modern software will check for updates automatically and alert you when an update is available. Download and install all software updates as soon as possible
- To check for patches and updates, visit the publisher's website. Software updates are typically found under the 'Download' section of the website. When opening a website, always key in the website address in the address bar of your browser or access the site through a reputable source
- Never access a publisher’s website by clicking on a hyperlink embedded in an email or via a potentially untrustworthy source
- Do not install pirated software or software from unknown providers
HSBC offers Webroot SecureAnywhere® online protection to help you safeguard your organisation against banking fraud.
Webroot SecureAnywhere® software offers both anti-virus protection as well as malware detection services designed to meet the specific types of threats that are most prevalent in today's online environment. Webroot SecureAnywhere® is compatible with any existing anti-virus software you have installed on your PC.
HSBC has teamed up with Webroot to offer this enhanced protection at no charge to HSBCnet online banking customers. We have made Webroot SecureAnywhere® available for HSBCnet users to install on all PCs used to access HSBCnet.
Learn more about the benefits of installing Webroot SecureAnywhere®
HSBCnet and HSBCnet Mobile offers the convenience of conducting your banking at any time and from anywhere you have an internet connection. It is important to safeguard your online banking activity whenever you are banking on the go.
While HSBCnet uses multiple layers of protection to enhance your security, here are a few reminders for safeguarding your online banking activity whether you are accessing HSBCnet on the go, connecting to HSBCnet from your laptop via a new internet connection, or using a trusted stationary computer terminal.
- Do not store your user or profile details or credentials on your mobile device
- Do not use an "open" Wi-Fi connection. Use Wi-Fi connections that are password protected with the WPA2 standard as a minimum. Alternatively, use the cell phone network instead of Wi-Fi for sensitive operations such as banking and turn off Wi-Fi and Bluetooth when they are not in use
- When travelling, always use a trusted computer or mobile device whenever possible
- Ensure your device is updated with the latest manufacturer software updates and avoid using a “jailbroken” or “rooted” device with any unauthorised modifications
- Avoid sharing your mobile device with others. Enable the Password/PIN and auto lock features on your devices to prevent other people from using it if stolen
- Never leave your laptop, mobile device, or computer unattended once you have signed on to HSBCnet
- After completing your transactions, ensure to log off of HSBCnet, clear the cache, and close the browser
For additional information on how to protect yourself online, review the Online Security page on the HSBC Group website.
The HSBCnet Mobile app is available for iPhone and Android based smartphones. If you do not have an Apple or Android device, or do not wish to download the Apple or Android app, you can access HSBCnet Mobile via your phone’s web browser.
Visit the Apple App Store or Google Play™, search 'HSBCnet' and download the HSBCnet Mobile app today. Apple and iPhone are registered trademarks of Apple Inc., registered in the US and other countries and regions. App Store is a service mark of Apple Inc. Android and Google Play are trademarks of Google LLC.
We do not charge for the App. However, your mobile network operator may charge you to access the App and these charges may vary if you access the App when abroad. You are responsible for these charges.