Guide on how you can deter fraud
Simple steps to secure your devices
Chances are, your computer contains a goldmine of personal information. Make sure you're taking the necessary precautions to protect it.
Most people think that their computers are secure but a study from the National Cyber Security Alliance and McAfee shows they're actually at risk because of outdated security software, infrequent virus scanning or not activating their firewall. To see if your computer security is updated and active, kindly review the tips below.
Setting up your computer:
- Use a newer operating system such as Windows 7 or Mac OSX. They're more secure.
- Download security patches and updates. Turn on automatic updates so you've got the latest fixes to problems as they arise.
- Disable "File and Printer Sharing" on your computer to prevent unauthorized access
- Increase the security settings for your operating system
- Use a current web browser and keep it updated
- Set your browser to block pop-ups
- Turn your computer off when you're not using it. If you're not connected to the Internet, you can't be hacked or infected.
Setting up your mobile device:
- Ensure your software is up to date. Check the manufacturer's Web site (or search Google) to see if a software or firmware update is available. If there's a new one, download it.
- Use strong passwords: combinations of letters, numbers and/or special characters, 8 characters or more
- Security settings: most default browser settings are fairly secure
- Avoid unencrypted public wireless networks
- Paying to access a Wi-Fi network does not mean it's secure. Access fees do not equal security.
- URLs beginning with "https:" are safer (but not foolproof). The s in https means that you're connected to the site via the Secure Sockets Layer (SSL).
- Use a VPN (virtual private network). This provides secure access to an organization's network and allows you to get online behind a secure layer that protects your information.
- Turn off cookies and autofill. These can be a privacy threat.
- Be selective about the applications you are downloading
Adding security software:
- Use new anti-virus software to protect against viruses and spam
- Use an anti-spyware program
- If your operating system has a built-in firewall, enable it. Or install a third-party firewall to block hackers.
- Use a secure Password to prevent access when you're away from your computer
- Use encryption software to protect data stored on your laptop, Personal Digital Assistant, cell phone or other wireless device
Internet safety tips
Cyber criminals are using more sophisticated methods to steal your information. Follow our tips to stay two steps ahead.
If you've followed our guidelines for securing your computer & mobile device, you've already made it harder for someone to steal your identity. But all the safeguards in the world won't help you if you give your personal information away. So be smart and follow the guidelines below to protect yourself online.
Guidelines for safely banking online:
- Access online banking sites by typing the URL directly into the address bar. Be aware of pop-ups as they may indicate you have malware on your computer.
- Report pop-ups to your financial institution
- Do not click on links in an email unless from a trusted source. Access the bank using a bookmark or address you know is safe.
- Check for anything unusual, unprofessional or out of place such as a slightly altered domain name like www.hbsc.com.ph, www.hbs.com.ph or www.hsbc-security; an imperfect logo; or urgent account verification requests
- Don't use the same Password for banking that you use for other online accounts
- Don't use public computers to do your banking, including those at libraries, Internet cafes and schools
Guidelines for strong passwords:
- Don't share your Password with anyone
- Memorize your Password. Don't write it down or store it on your computer.
- Use upper and lower case letters, numbers and symbols
- Avoid common words or obvious names. Think of a phrase that's memorable to you but not to others.
- Use Passwords that are at least eight characters long
- Change Passwords regularly (at least every 90 days)
Guidelines for safe web browsing:
- Don't respond to unsolicited requests for account information
- Don't click on pop-ups. Better yet, set your browser to block them.
- Don't give out personal information to blogs, forums and other social networking sites
- Don't visit unsafe sites. You could open yourself up to a flood of spam, pop-ups and spyware.
- When shopping online, use secure sites that encrypt your credit card information
- Be suspicious of odd error messages. Don't click on them or respond to them. Scan your computer to remove any virus or spyware.
- Scan your computer files regularly, once a week at a minimum
Guidelines for safe email:
- Don't open email from someone you don't know. Read subject lines carefully. Don't be tricked by a friendly tone or urgent request.
- Turn off the preview pane in your email program
- Don't click on links or attachments in unsolicited email, especially if the email says a problem is urgent or includes an attached file that ends in ".exe".
- Delete email from unknown sources immediately. Use your junk mail filter.
Guidelines for safe instant messaging:
- Block people you don't want to know, especially complete strangers. Adjust your Instant Message settings so that only people on your buddy or friends list can Instant Message you.
- Don't reply to strangers, especially if their messages are rude or annoying. It could be a predator.
- Don't click on unsolicited links or attachments. They could contain a virus or spyware.
- Don't create a profile that includes personal information. It can open you up to harassment and attract predators.
- Know your children's online friends and supervise their chat areas
- Restrict your Privacy settings on any social networking site
ATM and mail safety tips
To open new accounts in your name, thieves don't have to look any further than your mailbox. Pre-approved credit offers and outgoing bills may be all anyone needs to steal your identity. More sophisticated methods involve skimming or copying your card at an ATM. To reduce your risk of fraud, put our safety tips into action.
Precautions when using an ATM:
- Memorize your PIN. Don't write it down or keep it in your wallet or purse.
- Protect your PIN. Cover the keypad while you enter the number.
- Use ATMs under video surveillance or those located inside a bank lobby
- Conduct ATM transactions during the day. Most ATM crimes happen at night
- Watch out for shoulder surfers with binoculars or cameras
- Don't accept offers of "help." Leave immediately.
- Be suspicious of signs telling you to use a specific machine. The ATM may be fitted with a skimming device.
- Report anything suspicious or strange to your bank or financial institution
Guidelines for protecting your mail:
- Collect incoming mail promptly. Don't leave it in your mailbox overnight or on weekends.
- Consider using a locking mailbox or rent one at the post office
- Don't use the red flag to draw attention to your outgoing mail
- Deposit outgoing mail in official postal service collection boxes
- Shred unwanted documents containing personal information such as credit applications, convenience checks, bank statements and bills
- Check your monthly financial statements and bills for accuracy
- If you don't get monthly financial statements and bills when expected, contact the sender
Knowing the signs of fraud
When logging on, a pop-up window appears stating the service is not available and to try later. A misspelled domain name in the address line. Lotteries that charge a fee to collect your winnings. Requests to pick up or send cash to a person overseas and they offer to share the money. All of these tricks and more have been used to take someone's money or identity. To avoid being conned, learn the tell-tale signs below.
E-mail fraud: So-called "phishing" emails appear to be from legitimate companies. Typically, they warn you of an urgent problem with your account and trick you into clicking on a link that takes you to a phony website. Remember, no reputable company would request personal information via email. Other warning signs that an email is fraudulent:
- Generic salutation such as "Dear user" and/or impersonalised information in the text of the email
- The logo is distorted or stretched
- The link in the email doesn't match the URL of the legitimate site
- There's an attachment or link that may launch a virus or spyware on your computer
Website fraud: Fraudulent (phishing) emails may direct you to a bogus or spoof site that's often very convincing. Look closely for these tell-tale signs:
- The site threatens to shut down your account unless you verify your personal information
- The site returns an error message and asks you to log in
- The URL isn't quite right. For example, you see www.hbsc.com.ph or www.hsb.com.ph instead of us.hsbc.com. The URL may also contain numbers (such as an IP address) or an "@" symbol.
- The padlock icon is out of place. It should be in the browser status bar in the lower right and not within the web page
- When you double-click on the lock icon, you get a warning that the site address doesn't match the security certificate
- The logo is distorted or stretched which indicates it's been copied
- Spelling and grammar mistakes
- If there's a phone number on the fake website, it doesn't match the phone number on your account statement
- You can't link to a home page from the fraudulent site
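The URL signs in this list (a near-miss domain name, an IP address in place of a name, an "@" symbol) can be checked mechanically. The sketch below is an added example, not HSBC's code: the allow-list `LEGIT_DOMAINS` is an assumption built from the addresses quoted on this page, the function names and the edit-distance threshold of 2 are illustrative, and `203.0.113.7` is a constructed documentation address.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the bank's real domains, taken from the addresses on this page.
LEGIT_DOMAINS = ("hsbc.com.ph", "hsbc.com")


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            # Adjacent swap, e.g. "hbsc" typed for "hsbc", counts as one edit.
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[-1][-1]


def is_legit(host, legit=LEGIT_DOMAINS):
    """True when host is an allow-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in legit)


def url_warning_signs(url, legit=LEGIT_DOMAINS):
    """Return the warning signs from the list above that this URL shows."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    signs = []
    # "@" before the host: the text left of it is not the site you reach.
    if "@" in parts.netloc:
        signs.append("at-symbol")
    try:
        ipaddress.ip_address(host)
        signs.append("ip-address")
        return signs
    except ValueError:
        pass  # host is a name, not an IP literal
    if is_legit(host, legit):
        return signs
    labels = host.split(".")
    for real in legit:
        # Compare the same number of trailing labels, so "www." is ignored.
        tail = ".".join(labels[-(real.count(".") + 1):])
        if 0 < osa_distance(tail, real) <= 2:
            signs.append("lookalike of " + real)
            break
    return signs


if __name__ == "__main__":
    for sample in ("www.hbsc.com.ph", "www.hsb.com.ph", "https://us.hsbc.com/",
                   "http://us.hsbc.com@203.0.113.7/logon"):  # last one constructed
        print(sample, "->", url_warning_signs(sample) or "no signs")
```

An empty result only means none of these three signs is present; the other signs in the list still apply.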
Phone Fraud: Never give out personal information over the phone unless you initiate the contact. Be suspicious of the following:
- Automated messages with urgent requests to verify your account
- Voicemails asking you to call a number with an international code. You'll end up with an expensive phone bill.
- Text message asking for urgent confirmation of personal or account information
Mail Fraud: If it sounds too good to be true, it's probably a scam. Be suspicious of the following:
- Pre-approved credit offers that charge a fee to get your card
- Job scams asking you to pay for more information
- Work-at-home schemes that require you to buy something before you can start work
- Any request to call a 900 number
- Donation requests to unregistered charities
- Sweepstakes and lotteries where you have to pay to receive your prize or those involving a foreign country/region
Credit Card Fraud: Card fraud can occur anywhere you make a transaction including restaurants, gas stations and other retail locations. Beware of the following:
- Swiping your card twice, once for your meal and a second time through a skimming device
- Someone looking over your shoulder at the register
- Receipts and copies. Ask for them and file or destroy them.
Posted on May 26, 2016.
Protecting your card and PIN
- Do not let your card out of sight, especially when making purchases in restaurants, bars and petrol stations
- Ensure that you're the only person who knows your PIN - never write it down or record it anywhere. If you must, keep it secure or encrypted
- Never disclose your PIN to anyone, not even a Police officer or a bank employee (HSBC staff would never ask for your PIN)
- Contact HSBC immediately if a courier says they have come to collect your card, PIN, online banking secure key or cash
ATM fraud prevention
- Always use your hand as a shield while entering your PIN
- Be aware of others around when using an ATM machine, particularly at night, and avoid using an ATM if suspicious looking individuals are hanging around
- Do not take advice from 'helpful' strangers who happen to be standing near an ATM, especially if your card has been unexpectedly retained
- If anything looks suspicious or unusual when you are at the ATM then do not use it. Instead either alert an HSBC employee if available or move a reasonable distance from the machine and call the Police.
- If you realise the ATM has been tampered with, after you have inserted your card, contact HSBC while still standing at the ATM machine if it is safe to do so
- Store HSBC's phone number into your mobile and contact HSBC immediately if your card is unexpectedly retained by an ATM
- Upon completing a transaction, discreetly put your money and card away before leaving the cash machine
- Check your statements regularly for any transactions you do not recognise and report them to HSBC immediately
- Inform us of your travel plans so that our fraud detection system can monitor your card transactions for any suspicious activity and help us arrive at an informed decision if your transactions get alerted
- Ensure HSBC has your up-to-date contact details, particularly, your mobile phone number and email address before you travel abroad
- Take note of our contact numbers ((02)8858-0000 for Credit Card/Advance customers and (02)8858-0800 for Premier customers) for lost and stolen card reporting. We recommend you store these numbers on your mobile phone.
- Keep your cards with you at all times, or in a safe place
- HSBC's credit card upgrade offers will NEVER require cardholders to surrender their old card nor ask for the PIN. Contact us immediately if this happens
- We will not call you to request your credit card details such as account number or credit card number and PIN
- We may call you for fraud detection purposes to verify whether a transaction is genuine or not. We will never ask you to divulge full security information.
- Shred all documents (receipts, letters etc.) that contain your name, address or other account and personal information
- Check your statements regularly for any transactions you do not recognise and report them to HSBC immediately
- Do not respond to phishing emails - HSBC will never send you an email asking you to disclose personal information, bank details, passwords or PIN
- Do not share your personal information unless you are confident that you know who you are speaking to
- Pay attention to card expiry dates. If your replacement card hasn't arrived, call HSBC to check the status of your new card
Should you need further information and assistance, please call the HSBC hotline at (02)8858-0000.
Posted March 27, 2014
ATM security reminders
Put our safety tips into action to reduce your risk of fraud when using an ATM.
- Be aware of your surroundings when using an ATM. If there's someone or something suspicious, quickly cancel your transaction.
- Refuse help from strangers when using an ATM.
- Inspect the ATM. If there are signs of tampering, DO NOT proceed with your transaction.
- When using an ATM, choose well-lit and/or well-guarded areas.
- If your card is captured and you suspect possible fraud, please report it to us immediately.
Protect your PIN
- Memorize your PIN and do not write it down.
- Choose a PIN that's hard to guess.
- Cover the numeric keypad and make sure no one is looking while you are entering your PIN.
- Never disclose your PIN to anyone.
- Use different PINs for different channels (ATM, Phone Banking, etc.).
Monitor your account
- Always check your statements.
- Switch to electronic statements and get your statements faster.
- Immediately report unusual transactions to us.
- Sign up for instant SMS notifications so you get updates on movement within your accounts.
- Register through HSBC Online Banking so you can monitor your accounts anytime.
If you lose your card, call HSBC's Customer Service immediately at (02)8858-0000 or (02)7976-8000 from Metro Manila, +1-800-1-888-8555 PLDT domestic toll-free, (country code) +800-100-85-800 international toll-free for selected countries/regions.
Reporting of Phishing and Smishing
To report phishing websites, smishing texts or suspicious emails that requested your personal banking information, send an email to firstname.lastname@example.org. You’ll receive an automatic response to let you know we've received your email.
- Copy the full email, smishing text or website address (URL) and paste it onto the body of the email.
- Do not include your personal information in the email. This mailbox is processed by a third party on behalf of HSBC Global Services (UK) Limited and by HSBC Group companies (this also means we won’t be able to give you personalised responses from it).
HSBC may send you emails from time to time but will never ask for your security information or send you a link directly asking you to log on to your online banking. HSBC will never attach a link to a web page that would ask for this information. If you receive an unsolicited email from HSBC encouraging you to do this, it will be a "Phishing" email. See 'How Social Engineering works' (below) for more information.
How social engineering works
Social engineering works by gaining someone's trust and getting them to give information that should be kept secure.
Scammers usually contact people by phone (vishing), SMS (smishing) or email (phishing). They'll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained the person's trust, they'll then ask for sensitive information or things which will give them access to the person's bank accounts.
There are things your bank would never ask for, such as:
- CVV, Card Expiry Date, Cash Advance PIN, or OTP (One-Time Password)
- Online banking codes such as Secure Key or password
Your bank would also never ask to:
- collect your credit or debit cards, cheque books or cash
- transfer funds to a different account for 'safekeeping'
1. Vishing (Phone)
Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your network provider. To make the call seem more convincing, they may already have some information about you, such as your account number, address and account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'. The caller will then try to persuade you to:
- transfer money to another account for 'safekeeping' or 'holding'
- withdraw cash and hand it over 'for investigation'
- give private information, which can then be used to gain access to your finances
If you're suspicious or feel vulnerable, immediately end the call and disregard messages from unregistered numbers asking for your CVV, Card Expiry Date, Cash Advance PIN, or OTP. In case you've given them your banking details, call us immediately at +6328858-0000 or +6327976-8000 or +800-100-85-800 from overseas.
2. Phishing (Email)
Be wary of unsolicited emails that appear to be from your bank or another trusted organisation (like government agencies) and contain links to websites asking you for confidential, personal or financial information. The emails may appear to come from a legitimate source and often warn your account may be shut down unless you take some action or they may say you're owed money.
If you receive one of these emails, don't reply or click on a link that you're not sure is genuine. Instead, contact the company using a phone number you know is genuine.
Phishing emails typically:
- warn you of some sudden change in an account which means you have to confirm you still use the service
- sometimes have poor spelling and grammar
- ask for confidential or security information such as your online banking details, passwords, account numbers or PINs
- include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account
Don't open attachments or click on links if you suspect they may not be genuine.
If you're suspicious of an email claiming to be from HSBC, forward it to email@example.com, delete it and empty your deleted items.
3. Smishing (SMS)
Another thing to watch out for is suspicious text messages that look like they're from HSBC or another trusted organisation. These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).
It's important to remember:
- Banks and other organisations such as the police or service providers will never ask you for your full PIN, OTP, password or banking codes.
- Some sophisticated fraudsters can send text messages that show "HSBC" as the sender, to look genuine. This is why you should always be wary of what each SMS you receive contains and asks of you.
If you're unsure whether a text claiming to be from HSBC is genuine, forward it to firstname.lastname@example.org and we'll investigate it.
Never share your security details with anyone else.
+1-800-1-888-8555 PLDT domestic toll-free, (International Access Code) + 800-100-85-800 international toll-free for selected countries/regions, or send an email to email@example.com. If you want to find out more about HSBC's customer feedback procedures, please visit hsbc.com.ph/feedback.
The Hongkong and Shanghai Banking Corporation Limited is an entity regulated by the Bangko Sentral ng Pilipinas (Bangko Sentral) https://www.bsp.gov.ph. You may get in touch with the Bangko Sentral Consumer Protection and Market Conduct Office through their Email: firstname.lastname@example.org; Webchat: http://www.bsp.gov.ph; Facebook: https://www.facebook.com/BangkoSentralngPilipinas or SMS: 021582277 (for Globe subscribers only).
Deposits are insured by PDIC up to PHP500,000 per depositor.
Note: Do not provide your account or credit card numbers or disclose any other confidential information or banking instructions through email.