Top of Main Content

Phishing is among the most common and dangerous Internet crimes. Phishing attacks seek to steal personal or business information used to perform financial transactions.

Phishing involves an e-mail message sent to as many Internet e-mail addresses as the fraudster/s can obtain, claiming to come from a bank, card company, or financial company conducting financial transactions. Fraudsters may even send fake e-mails during the current pandemic to mislead you by COVID based reasons in these times of uncertainty. The e-mail contains requests to update personal information or change PINs, and links to fake websites that look identical, or at least very similar, to the organization’s actual site.

Unaware of the threat, some customers will respond to such e-mails and enter the required information. This results in the theft of the customer’s personal information and PINs by fraudsters.


Information stolen in online fraud through phishing:

  • Credit, Debit/ATM card numbers/CVV2
  • Passwords and keywords
  • Account numbers
  • User IDs and passwords used to enter Internet Banking sites


Things to remember if you receive a suspicious email of this kind:

  • Call HSBC Bank Telephone Banking at 0850 211 0 111 immediately to report the suspicious e-mail.
  • HSBC Bank will never send you an e-mail requesting you to verify or change your passwords.
  • When HSBC Bank sends you an e-mail, the links provided will take you to information or redirection pages. The links contained in the e-mail will never take you to pages that require you to provide or update personal information.


How to protect yourself from phishing attacks:

The best protection against all kinds of fraud, scams, and viruses is to be an alert and informed customer. Do not share your personal and financial information with any website before you read the following guidelines.

  • Always verify the validity of the sender and the information contained in the e-mails received!

If you cannot verify the sender or have any doubts regarding the content of an e-mail, you should contact the organization in question immediately. Reputable organizations do not send unsolicited e-mail messages asking their members/customers to update or verify their personal or security details.

  • When conducting online transactions, always check that the website you are using is secure!

Check the address bar at the top of your browser window and confirm that the address starts with “https”. The letter “s” at the end of “https” indicates that the web page is secure and uses various encryption methods.

Additionally, the locked padlock symbol in the bottom right corner of your browser window also indicates that the page you are visiting is secure and encrypted.

This symbol confirms that the page is SSL encrypted and is the authentic page of HSBC Bank. You should click on it twice to verify the information:

“Issued to: bireysel.hsbc.com.tr” and “issued by: www.verisign.com/CPSIncorp.by Ref.LIABILITY LTD. (c) 97 VeriSign".

You need to remember that both of the above security measures can be bypassed by fraudsters. For this reason, the safest way to login to Internet Banking is typing in the address of the website yourself.

  • If you see a numerical Internet address, verify the legitimacy of the web page before using it!

The addresses of the web pages you visit contain an address part followed by the name of the firm or company and a file extension such as com, org, or net.

Example; http://www.hsbc.com.tr

Fraudulent sites usually have numerical addresses. In such cases, please contact the financial organization or firm that you are doing business with directly.

  • Try to become familiar with the web pages you use to conduct transactions requiring online security!

Watching out for changes in the web pages you use to conduct banking transactions will help you detect fake sites and help you protect yourself.

  • Do not be a victim of phishing attacks!

Once fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money from the compromised accounts. In order to cover their tracks, they recruit unsuspecting individuals to act as go-betweens by placing a variety of tempting job adverts on the Internet, promising the chance to earn money quickly without much effort.

The bank accounts of the people who respond to these ads will be used to accept transfers of money from the compromised accounts. The respondents to the ads will then be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters, using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the people who respond to the ads, which can be followed by the authorities.

Be very careful about job offers that involve the acceptance and release of funds to a bank account in return for commission. People recruited by phishing fraudsters are engaging in money laundering and are likely to face criminal prosecution.