Skip to content
HSBC UKHSBC UK Hexagon Icon
Back to Authorised Push Payment Scams

Smishing is a text message scam where fraudsters pretend to be a genuine organisation and try to steal your information or install malware on your device.

How it happens

Text message scams, also known as ‘smishing’ - occurs when a fraudster sends you a text that appears to be from your bank or another trusted organisation. Their goal is to trick you into replying with your personal or financial information and steal money from your account.

The messages are likely to:

  • Encourage you to take urgent action by click on a link and input information or make a payment.
  • Try to look genuine by copying text messages sent by a genuine organisation and add their own wording.
  • Come from unknown mobile numbers or be tagged with the name of the organisation they’re trying to impersonate.

Banks and other genuine organisations will never ask you for your full PIN, password or banking codes, and HSBC will never text you a link to our online banking log on pages.

Some examples of smishing include:

  • ‘Your bank’ tells you that your internet banking access has been restricted and asks you to click on a link to reinstate access.
  • ‘Your bank’ asks you to move your money to a ‘safe account’.
  • A company tells you your payment has failed and to click on a link to update your bank details or make payment.
  • A delivery company tells you that they couldn’t deliver your parcel and to click on a link to pay a small fee and reschedule.
  • Instant messaging scams - where criminals pretend to be loved ones such as your children, including messages advising they’ve lost their phone, asking for money urgently or asking to share a code that has been ‘accidentally’ sent to you.

How to protect yourself

Follow the advice below to help protect yourself and your business from Smishing:

  • When replacing devices make sure to conduct a factory reset on your old device. This will clear all your data and content from it. Instructions on how to complete this for your device can be found in the user guide.
  • Forward suspicious text messages to 7726 to report them to your phone operator.
  • Contact the organisation/person using a phone number you know is genuine, or visit their official website.
  • Report the message to us – if the message looks like it has come from HSBC but looks suspicious, you can screenshot the message and send the image to use at phising@hsbc.com.
  • Delete the text message.
  • Never click on a link and input personal or payment details, this gives the criminal your information which can be used against you.
  • Don’t trust any out of the blue contact from a number which you don’t recognise.
  • Never reply or download any attachments.
  • If you receive a message from a family member or friend asking you to send them money, call them to make sure a fraudster isn’t impersonating them.

How to report it

If you believe you have been a victim of this scam, please report it to us or your bank.

You should also report it to Action Fraud on 0300 123 2040 or via the Action Fraud website. If you are in Scotland, please report to Police Scotland directly by calling 101.

Further resources

Take 5 – Stop, Challenge and Protect

NCSC – National Cyber Security Centre advice and guidance on a range of cyber topics