Skip to content
HSBC UKHSBC UK Hexagon Icon
Back to Authorised Push Payment Scams

Scams commonly start with Vishing – which is a type of phone fraud where the fraudster calls you and tricks you into providing information about you and your business. They then use this information to scam or defraud you.

How it happens

Fraudsters often call out of the blue, claiming to be from your bank, the police, or another genuine organisation like a utility provider. Fraudsters can spoof genuine telephone numbers to try to convince you they’re genuine. They often use numbers that are easy to find, such as the one on the back of your bank card. This is so that when questioned, they can quickly point you in the direction of where the phone number can be found and reassure you of where they’re calling from. They further build up trust by mirroring call verification procedures that banks and genuine organisations use.

In the lead up to a scam, fraudsters may make numerous phone calls to your business to obtain information. Quite often these are small bits of harmless information but when put together they could have a big impact as they have information they can use to gain your trust and trick you, such as: names of staff members and suppliers, and details of projects or invoices due.

Methods of phone scams

Fraudsters usually pretend to be from the ‘fraud team’ and they’ll tell you your account is at risk or will query a transaction on your account, however, the transaction doesn’t exist.

Safe accounts

Fraudsters may advise you your account is compromised and that you need to move funds to a ‘safe account’, which will be in your name. However, the fraudster is in control of these accounts.

Secure key codes

Fraudsters will ask for internet banking secure key codes to ‘stop’ payments. However, in reality, these codes are being used to make payments.

Bypassing phone security

Fraudsters will sometimes say they need to pass you to another department to pass telephone security. What they’re actually doing is transferring you to the genuine financial institution to pass their telephone security checks. They then take over the call and attempt to deal with the company directly, instructing them to make payments.

Software downloads

The fraudster may advise you to visit a website or download software so they can access your systems to ‘help’ you with a problem or ‘verify’ your IP address. They may also ask you to download or access ‘live chat portals’ so they can assist you with checking payments, however, this unfortunately gives them greater access to your information.

If they’re successful in persuading you to download software:

  • they may ask you to log in to your internet banking so they can check your account. Then, whilst you’re logged on, they’ll remotely access your internet banking to make fraudulent payments without you knowing.
  • the download may install malicious software ‘malware’, which they can use to steal your details for use at a later datelater.

Card fraud

Fraudsters may advise you that your card details have been compromised and you either need to:

  • confirm your card details so it can be blocked; in reality, they’re using your card details to make payments.,
  • provide one-time passcodes to stop transactions; however, they may already have your card details and these codes are being used to make payments.,
  • return your card so a new one can be issued and advise you your card has been blocked; however, they’re going to obtain your bank card and use it.

How to protect yourself

Follow the advice below to help protect yourself and your business from Phone Scams:

  • Hang up the call if you’re unsure you’re speaking with a representative of a genuine organisation. Call the organisation on a known phone number, like the one on the back of your bank card or on their official website. Use a different phone or call a known contact first to be sure the line is ‘clear’.
  • Remember numbers can be spoofed and never rely on the caller ID to know who’s calling.
  • Never click on any links, visit web addresses, or download software as a result ofbecause of a phone call you weren’t expecting.
  • Don’t share Online Banking usernames, passwords, or any codes such as one-time passcodes or online banking authorisation codes, with anyone; HSBC and other banks don’t need these to stop payments.
  • HSBC will never; ask you to participate in an ongoing investigation, advise you how to answer questions or ask you to send your money to a safe account.
  • Destroy old or cancelled bank cards and cancel cards for previous employees immediately upon them leaving the business.
  • Never share your PIN for debit or credit cards.
  • Don’t send your bank card for a new one to be issued, HSBC will never ask you to send back a card.
  • Take 5 – Stop, Challenge and Protect.

How to report it

If you believe you have been a victim of this scam, please report it to us or your bank.

You should also report it to Action Fraud on 0300 123 2040 or via the Action Fraud website. If you are in Scotland, please report to Police Scotland directly by calling 101.

Further resources

Infographic – Tips on staying safe from Business Email Compromise and CEO Fraud

Take 5 – Stop, Challenge and Protect

NCSC – National Cyber Security Centre advice and guidance on a range of cyber topics