HSBC Internet Banking scam - heads up
Discussion
Just a heads up if you use HSBC internet banking.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
God knows
When I spoke to the fraud team they didn't say anything to indicate that this is affecting lots of people today, but then I guess you don't want your customers to know if that is indeed the case!
See the enclosed picture. I have 'circled' the part which is not normal and leads to your full code number being visible to the fraudster.
When I spoke to the fraud team they didn't say anything to indicate that this is affecting lots of people today, but then I guess you don't want your customers to know if that is indeed the case!
See the enclosed picture. I have 'circled' the part which is not normal and leads to your full code number being visible to the fraudster.
Tell me about it.
Emails asking you to verify your login details are one thing, but this is another matter. Address bar looks legit, etc.
One thing I did notice is that the first time I went onto the HSBC website my IE window closed itself and I had to open IE again, on the second opening of IE some of the IE tools were switched off (phishing filter was turned off).
Emails asking you to verify your login details are one thing, but this is another matter. Address bar looks legit, etc.
One thing I did notice is that the first time I went onto the HSBC website my IE window closed itself and I had to open IE again, on the second opening of IE some of the IE tools were switched off (phishing filter was turned off).
texasjohn said:
Just a heads up if you use HSBC internet banking.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
That link looks and appears genuine and leads to the normal log on page. I tried it and it went to the normal DOB and password requests although I didn't use my proper ib number and stopped at the next page. Whilst it hunts for the next page the progress bar at the bottom does say "searching hsbc for data" so maybe what you hve is a cock up or internal scam.When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
R60EST said:
On RBS login , when you are on the genuine page the address bar goes green. Does this normally happen with HSBC when all is legit ?
The favicon section of the HSBC site turns green as it logs on.Edited by jagracer on Sunday 24th January 18:11
A lot of these scams do use the genuine home page..
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.theregister.co.uk/2008/06/25/hsbc_scrip... <- from 08 I know..
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.theregister.co.uk/2008/06/25/hsbc_scrip... <- from 08 I know..
I was thinking some sort of cross site exploit.
But why on earth are you using XP and an old version of ie for internet banking?
might be interesting to look at the page source for that page. Worth taking a copy and forwarding to their fraud team (make sure to get any script pages as well)
But why on earth are you using XP and an old version of ie for internet banking?
might be interesting to look at the page source for that page. Worth taking a copy and forwarding to their fraud team (make sure to get any script pages as well)
Edited by TooLateForAName on Sunday 24th January 21:45
texasjohn said:
Just a heads up if you use HSBC internet banking.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
I don't understand this thread. We have three business HSBC accounts, and it ALWAYS asks for the full number to be entered, which we do. That's the way it has always been, what's the problem? When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
JumboBeef said:
texasjohn said:
Just a heads up if you use HSBC internet banking.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
I don't understand this thread. We have three business HSBC accounts, and it ALWAYS asks for the full number to be entered, which we do. That's the way it has always been, what's the problem? When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
JumboBeef said:
texasjohn said:
Just a heads up if you use HSBC internet banking.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
I don't understand this thread. We have three business HSBC accounts, and it ALWAYS asks for the full number to be entered, which we do. That's the way it has always been, what's the problem? When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
JumboBeef said:
texasjohn said:
Just a heads up if you use HSBC internet banking.
When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
I don't understand this thread. We have three business HSBC accounts, and it ALWAYS asks for the full number to be entered, which we do. That's the way it has always been, what's the problem? When you log in, on the page that you see after entering your 'IB number', if a third box appears asking for your full security number do NOT enter it. Close your browser and contact HSBC fraud dept 08456 100194.
Seems to be a very clever scam.
The address bar reads https://www.hsbc.co.uk
I was on the internet via a secure VPN link (work laptop) when I saw this last night.
The fact is, for personal banking it is usually only the first field (some of your number but not all of them).
ETA: If you have a key ring passcode (as described in the post above) lcd display which changes every minute or so, then that is quite a bit more secure, I would imagine. You don't have this device for personal banking accounts.
I have the key ring device for my VPN log in to the work server. RSA SecureID thing.
Edited by texasjohn on Monday 25th January 20:12
R60EST said:
I think the green is part of anti phishing stuff that comes with IE8 . It turns red when the site is suspect
You will have downloaded Trusteer Rapport from the RBS site which gives protection. Incidentally you can also use it on other payment sites once downloaded, somehow Trusteer identifies if the page is a spoof pageGassing Station | Finance | Top of Page | What's New | My Stuff