Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

PHISHING - HSBC Bank 'Account Monitoring Process' Email


Outline

Email claiming to be from HSBC bank advises you that your account has been suspended via an account monitoring process designed to protect you from fraudsters.

Bank account monitoring
Pin to share (Pic will Pin larger)

Brief Analysis

The email is not from HSBC. It is a phishing scam designed to trick you into giving account login details and a large amount of other personal and financial information to cybercriminals.

Example

Subj: Account Monitoring process
Dear Customer,
Monitoring process
To protect your accounts, our monitoring process has temporarily suspended your online access, whereby fraudsters attempt to obtain customer’s personal banking and other confidential information.
To help us verify the activity on your account, we'll complete our checks on your Online Banking accounts.
For better services and protection of our customer , you are required to click of the protection button, this should be done as soon as you get this message.
[Protection]
Issued for UK use only | © HSBC Bank plc 2002 - 2014


Detailed Analysis

'Account Monitoring' Email Claims HSBC Account Suspended

According to this email, which purports to be from HSBC bank, your account has been temporarily suspended. The email claims that the suspension was the result of an account monitoring process that found that fraudsters had attempted to access your banking and other confidential information.

The email suggests that you click a 'Protection' button to verify the account and allow security checks to be completed.

Email is Not From HSBC - Phishing Scam

But, ironically, the only fraudsters in this frame are those who sent out the email. It is the phishing scammers responsible for the message who are intent on obtaining your personal banking and other confidential information.

If you click the 'Protection' button in the message, you will be taken to a fraudulent website designed to mirror a genuine HSBC page. Once on the fake page, you will be asked to supply your account user ID.

After you input your user ID and hit the 'Continue' button, you will be taken to a second fake page that contains a form that requests a significant amount of your personal and financial data (see screenshot at bottom of article).

When you have filled in and submitted the bogus form, you will then be automatically redirected to the genuine HSBC website.

All of the information submitted on the fraudulent website can be collected by the criminals and used to commit financial fraud and identity theft.

You can report this and other HSBC phishing attempts via the email address listed on the bank's website.

Beware Emails Claiming Accounts Have Been Suspended

Claiming that an account has been suspended for security reasons is a favourite scammer ruse. Be wary of any email that makes such a claim. Always login to your online bank accounts by entering the account address in your browser's address bar or via an official bank app rather than by clicking a link in an unsolicited email.



Bank account processing

Last updated: August 28, 2014
First published: August 28, 2014
By Brett M. Christensen
About Hoax-Slayer

References
HSBC - Report a problem
Commonwealth Bank Phishing Scam - Online Access Suspended Message
HSBC 'Password Entered Incorrectly' Phishing Scam