Avoid social engineering scams and phishing

Be wary of unsolicited emails that appear to be from your bank or another trusted organisation (government tax institution) and contain links to websites urging you to provide confidential, personal, or financial information. For example, emails urging you to log-in to online banking, provide confidential data, or fake offers or promotions with links that direct you to external websites.

Phishing emails typically:

• claim to be from a legitimate source and often accompanied by a threatening language
• warn you of some sudden change in an account which means you have to confirm you still use the service
• sometimes have poor spelling and grammar
• ask for confidential or security information such as your online banking details, passwords, account numbers or PINs
• include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account
• contain promotional offers that prompt you to click the link or provide personal data

If an email looks suspicious, don’t reply to it. Don't click on any links. Don't open any attachments. Conduct thorough research.

View some examples of phishing emails

Always remember:

• the official domain of our website is www.hsbc.com.tw
• double check the sender ID, beware of messages impersonating the bank
• stay alert when you are directed to any website

The following email domain is not the official domain of HSBC Taiwan, HSBC Taiwan’s official domain is www.hsbc.com.tw

The following email domain is not the official domain of HSBC Taiwan, HSBC Taiwan’s official domain is www.hsbc.com.tw

If you have any questions or concerns regarding the email you have received, please refer to HSBC Taiwan’s official announcement and link as reference.

Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, address and even some account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'. The caller will then try to persuade you to:

• transfer money to another account for 'safekeeping' or 'holding'
• withdraw cash and hand it over 'for investigation'
• give private information, which can then be used to gain access to your finances or conduct card internet transaction or digital wallet binding

If a phone call sounds suspicious, don’t disclose sensitive personal information. Conduct thorough research.

Another thing to watch out for is suspicious text messages that look like they have come from HSBC or another trusted organisation. These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).

It's important to remember the following:

• Banks and other organisations such as the police or service providers will never ask you for your full PIN, password or banking codes.
• Fraudsters can mimic text headers so that their messages can join a conversation beneath ones you know are genuine.
   

If a SMS looks suspicious, don’t reply to it. Don't click on any links. Don't open any attachments. Conduct thorough research.

See some examples of phishing SMS

Always remember:

• the official domain of our website is www.hsbc.com.tw
• double check the sender phone number as caller ID spoofing may be used
• stay alert when you are directed to any website

As a rule of thumb, you should always be extra vigilant when you receive SMS of such nature.