Top of main content
A woman lying on the floor using laptop happily; image used for HSBC MO fraud guide page

Protecting yourself online

Things you can be doing to keep your accounts and money safe.

On this page

Keep your software up-to-date

It's harder for viruses to infect updated software. The criminals who create viruses take advantage of software bugs to infect computers. Software companies fix bugs with free, downloadable updates. So it's a good idea to install updates for your software as soon as they become available.

Just be wary of fake emails about bogus updates. Only use the update software that comes with your computer – don't click on links in emails.

You'll also want to make sure you're always using the most up-to-date web browser. Modern browser software adds a layer of protection against fake websites. So when you're looking at websites, your browser can warn you if you're visiting a fake or suspicious website.

Check your privacy settings

If you use social networking websites, double-check your privacy settings to make sure you only share personal information with people you trust.

On these sites, you tend to share personal things about yourself. Anything from your mother's maiden name to the name of the first school you went to, your address, birthday and telephone number. All this information is useful to people who want to steal your identity or break into your accounts.

Protect yourself against fraud

Please pay special attention to any forms of communication that claiming to be issued by legitimate organisations like government, charity organisations, banks, online payment services or online retailers, in particular:

  • Phishing email: It is typical for fraudsters to gain access to bank accounts using emails. If the email looks suspicious, please do not open any attachments, click on any links, or reply the email.
  • Suspicious phone calls: Beware of suspicious voice message phone calls made from Interactive Voice Response system claiming to be from banks or other legitimate organisations. These calls attempt to trick customers to input or provide personal information.
  • Fraudulent SMS message: Beware of the SMS that requires you to call back to verify credit cards transactions. We will only request you to call 0800909 or (852) 2288 2519 (if abroad) to verify the transactions.


  • Do not provide any personal information to unsolicited callers
  • Do not access HSBC online banking accounts through hyperlinks embedded in email or internet search engines
  • We will never ask you for any PINs or passwords or to move money to a safe account
  • We have not authorised or appointed any intermediaries / third party to conduct telesales marketing activities for promotion
  • We will never send any SMS or E-mail with a link requesting you to log on to your online banking. We will never ask you for any PINs or Passwords

How to spot fake emails and websites

Fraudsters use fake emails and websites to get you to unknowingly give away your passwords or bank details. Look out for these warning signs to spot them.

  • Poor design, typos or bad grammar
  • The sender's email address doesn't match the name of the company domain it's meant to be coming from
  • Asking you to do something unusual
  • Asking for personal information
  • An email link that says it's going somewhere that it isn't (tip: hover over a link in an email to see its real destination (URL))
  • A website that doesn't display the padlock symbol in their address bar when you log on
  • If you've encountered phishing websites or suspicious emails, do not respond to them or click any links in them. Please forward them to us at, and then delete them. We won't be able to provide a personalised response to your email, but we will send you an auto reply to let you know we’ve received it

Quick tips to stay safe

Keep your devices safe

  • Don't download any free software on your computer / mobile unless you're certain it's safe
  • Use anti-virus software, and make sure it's up-to-date 
  • Only use secure and trusted wireless networks, add a password for your own home Wi-Fi network

Be Secure

  • Change your passwords regularly
  • Never send your credit card details through email
  • Never share your personal security information (Passwords or PIN on Security Device)

Stay vigilant

  • Don't respond to unsolicited emails, and don't follow any links in them either
  • Make sure you're on a secure website before submitting banking or other sensitive information. Secure websites begin with 'https://' instead of 'http://' They'll also contain a padlock icon on the address bar
  • Avoid using public computers to access your online banking

What to do if your devices are compromised?

  • Update and Clean up your computer with anti-virus program
  • Change your password from a clean computer
  • Review your recent transactions and contact us if any irregularity is found

You might be interested in

to go to safeguard page

Learn more about our initiative to safeguard your hard-earned money from financial crime.

to go to contact page

If you suspect there's been fraud on your account, please contact us as soon as possible.