The email scam you must not fall for

Rights, Scams and Politics

Updated on 22 October 2010 | 18 Comments

Find out how to avoid this terrible email scam!

There are times when I don't know whether to laugh or cry.

Receiving an email entitled “HSBC card has been locked” is one of them.

For a start, I don't have and never had had an HSBC account. It's a good bank (it includes First Direct) with above average customer service but I've never used it. And secondly, I know that no bank would ever communicate in this way.

Opening the email – don't do this at home as it could lead to a malware attack – tells me:

“Dear HSBC Client,

Your HSBC Debit Card access has been limited. To remove the suspension, please confirm that your card was not stolen. To do this, please download and complete the attached html. form.

We are sorry for the inconvenience but your security is our top priority.

Kind regards

Customer Service”

@Copyright 2010 HSBC

The English is dodgy, and they don't know my name – let alone that I don't bank with HSBC.

So I opened the attachment – again, don't do this yourself – and find a form headed “Security Measures – Restore your access online”.

This asked for my internet banking user ID, my date of birth, my security number, my debit card number, its expiration date, the three figure code on the back and my mother's maiden name. With all that, they can re-create my life, even find my birth certificate. At the very least, the debit card details would enable the scamsters to go on a spending spree – courtesy of me.

No one should ever give these details – unless it's to someone you are totally and utterly sure is safe.

Phishing for victims

The supposed HSBC website this page leads to shows tabs such as Savings, Mortgages, and Insurance. Clicking on these brought up pages that look genuine – they appear the same as the legitimate HSBC site. However, there is a clue that it is phoney. Under Investments, I read that New York's Nasdaq index stands at 2,048. But it was really 2,467 at the time I looked – HSBC updates these numbers very regularly. It's obviously a snapshot of the site at a particular time, taken some weeks ago.

This is a phishing attack. Phishing is a variant on “fishing” as in “fishing for victims” or “fishing for details”. The word was invented to make it look like the phrase “phone phreaking” – a pre-internet scam.

Now I first exposed “phishing” eight or so years ago. And there have been countless other warnings since, including many right here on lovemoney.com.

31,448 phishing attacks so far

So should I laugh at this pathetic attempt to defraud me?

No, I should weep because someone will fall a victim to this or something similar.

The Payments Council, which acts for the banks and tries to stop phishing and other illicit schemes, tells me that in the first half of this year alone, it detected 31,448 separate phishing attacks, an increase of 21 per cent on the same period in 2009. That's over 170 a day – and those are just the ones it discovers. This figure ignores non-bank phishing based on the likes of PayPal or HMRC.

The banks, which co-operate with each other on this, try to shut down the phoney and fraudulent sites as soon as they appear. Usually, you just get an error 404 message should you try to click through. But some, like mine, get past the filters.

But perhaps, if I can't laugh, I can at least smile. The phishing fraudsters are having to work harder. While the attacks go up, their hit rate falls. The most recent figures for the first half of this year shows a 36 per cent decrease to £24.9m.

That's still an awful lot of cash. The average loss is £1,100, mostly but not always refunded by banks – many banks will not help if account holders are really stupid! As for the biggest ever loss, no one really knows because it may not have been reported but it is well into five figures.

Phishing is international. The biggest ever arrests were last year when the FBI and Egyptian authorities working together in Operation Phish Phry netted 100 phraudsters. But there are thousands more out there looking for someone who believes them. On past experience, they'll find a mug.

Any lovemoney.com fans who want to know more (and what to tell non lovemoney.com readers) should go to www.banksafeonline.org.uk.

Award-winning scams expert Tony Levene explains why he's writing a blog about scams and why he is The Scam Magnet!

More: The sneaky postal service scam | The prize scam that says prize sucker | The new scam on your doorstep  | The scam the Government uses to rob your children | Sell your car for £1,000 more than it’s worth  | Watch out: These 'bargains' are scams!  | My email from a psychic scammer  | The gambling tips scammer  | The scammer who visited me  | My phonecall with a sharedealing scammer  | The oldest scam in the book  | My phonecall from a wine investment scammer  | How I was targeted by a property scammer  |  My phonecall from a scammer  | Nine things you need to know about scams 

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.