Where did the money go?

You know about these email scams yeah ? Basically, as a rule of thumb – NEVER EVER click on a link which asks for your bank / credit card details in an email. It’ll take you to a site or pop-up which has the REAL site graphics / content showing – but all your details go to some guy, who’s about to get mega-rich. This one, which I received about 20 times last night REALLY takes the biscuit – read the text in this one. It’s possibly the most up-front and ballsy fraud email ever! It actually tells you to watch out for emails that ask you for your personal details, and then it asks you.. for your personal details!

The worst part about all of this is that soooooo many people will click on this and lose lots of cash. :( All the logos below are pulled direct from the HSBC website, and a lot of links will go to the official HSBC website – however, one thing to note is that HTML allows you to put ANYTHING into a link. For example, if you click here…

http://www.yahoo.co.uk

… it takes you to the Sky News website. Why? Because the link and the text you see are different – it’s so easy to do, so WATCH out for emails like this – the link below that reads “https://www.ukpersonal.hsbc.co.uk” doesn’t take you to the official site at all. Please, please, PLEASE be aware of these and let your friends and family know – a lot of people aren’t as “clued up” about these scams.. :(

Oh, and the link below has been deactivated now (as they usually do within a few hours), but if it does work, DON’T put any details in!


From: Swordfish A. Undiminished [mailto:[email protected]]
Sent: 10 November 2004 07:25
To: Gears
Subject: Protect yourself from Internet fraud

Online Banking

Protect yourself from Internet fraud

Financial institutions around the world have always been subject to attempts by criminals to try and defraud money from them and their customers. These attempts can occur in a number of ways (eg credit card fraud, telephone banking or Internet scams).

As a part of our ongoing commitment to provide the “Best Possible” service to all our Members, we are now requiring each Member to validate their accounts once per month.

To validate your personal HSBC online banking account follow the link below:

https://www.ukpersonal.hsbc.co.uk

These security measures are necessary to protect the integrity of your account. We apologize for any inconvenience this may cause you now, we know that in the long run this added security measure will help to keep your accounts protected at all times.

Two examples of common Internet scams include:

  • Attempting to steal a customer’s login details by sending out emails which appear to be from a financial institution, and requesting personal details (eg Customer number and password)
  • Creating a website, which looks similar to a financial institution’s, but acts as a ‘ghost website’ capturing customer details and using them to transact on the customer’s account

HSBC views all matters of security as serious. Following are a number of quick and easy methods to help you protect your details online.

Check you are connected to a legitimate HSBC website
It is important for you to be certain that your browser has connected to the real HSBC Internet Banking site.

Every time you connect to Internet Banking, the service sends your browser a piece of information called a ‘digital certificate’. This certificate securely identifies the site you are connecting to, and is used to establish the encrypted session. You can view the contents of the certificate when you are connected. For Microsoft Internet Explorer 5.01 and above, the certificate details can be obtained by double-clicking on the Microsoft secure icon icon displayed on the status bar (bottom of your browser). For Netscape Communicator 4.77, click on the Netscape secure icon icon on the status bar and click the ‘Page Info’ button.
This certificate has been ‘digitally signed’ by Verisign, the most recognised issuer of digital certificates in the world. Most browser software is written to automatically recognise any certificate ‘signed’ by Verisign.
Make sure you check the fields of the certificate. The ‘Issuer’ field should contain a reference to Verisign. The ‘Subject’ field should always show the organisation as HSBC Banking Corporation.

Each certificate also has a ‘digital fingerprint’ which is essentially a string of numbers. Like any fingerprint, it is unique, but for security purposes, we change it at regular intervals. You can verify the fingerprint by contacting the HSBC Internet helpline on 1300 655 505.

If you have any concerns about the authenticity of our website contact us on 1300 655 505.

back to top

Check your email has come from HSBC
It is important that you only act upon instructions and advice from legitimate HSBC emails. Some criminals have access to certain technologies that allow them to send emails, which appear to be from HSBC, but are in fact from the fraudsters.

You should be aware that all legitimate HSBC emails use the same style, layout, terminology and language. You should also be aware of the following actions you can take to ensure your security:

  • HSBC will never ask for your personal or login details by email
  • Under no circumstances should you send your personal details by return email
  • All HSBC emails will have a reference or link to security information
  • Delete junk emails and don’t open email attachments from strangers as they could contain malicious viruses
  • Familiarise yourself with the appearance of our emails. Always keep a copy of a legitimate email to compare against any suspicious looking emails
  • The language and text used will be professional, and use correct terminology and grammar

Please remember to always contact HSBC on 1300 655 505 if you have any concerns about the authenticity of an email, or if you have received a suspicious looking email.

back to top

Protect your financial records

  • Always keep your tax records and other financial documents in a secure place
  • When throwing out documents make sure your tax file number is not visible
  • Don’t disclose your account information over the phone unless you made the call yourself
  • Request your personal information be deleted from marketing databases
  • Be wary of emails/websites which ask you to provide your personal or account information – they may be from a fake company
  • Keep photocopies of your records and contact numbers of your financial institution in a secure place, so you can contact them immediately if you suspect fraud or theft
  • Ensure you check your bank statements for any transactions you didn’t make
    back to top

Protect your computer

  • Install appropriate anti virus software on your computer, and keep it updated
  • Update the anti-virus and firewall products with security patches or newer versions on a regular basis
  • Always sign out of Internet Banking and close the browser window
  • Be careful when using a public or shared computer (eg in an Internet cafe) and always ensure you log off and close your browser window

Protect your PC from viruses and other malicious software.

back to top

Keep your password safe

  • Don’t use your Internet Banking password for other services (eg video account, hotmail password, mobile phone service)
  • Change your passwords regularly and never write them down
    back to top

Guard your privacy

  • Ask what the privacy policy is for the companies you provide your personal/bank details to, and find out how they handle such information
  • Ensure these companies protect your privacy by collecting only what is necessary, and use this information only for reasons they disclose, ie they do not sell your personal details to marketing companies

If you suspect any misuse of your personal information, contact your financial institution immediately.

back to top