Hsbc Phishing Attempt

[chiang mai]

Just a word of caution to any HSBC customers using internet banking:

I was going to send a message to HSBC UK this morning and loaded their website from my bookmarks, when it loaded I was met with the normal home page. When I hit logon another page appeared that looked to all intents and purposes like an HSBC screen, the address in the toolbar continued to show green (rapaport) but the screen asked for personal information under four tabbed headings, the information started with DOB, account number, sort code and on a subsequent tab PIN and address etc. The screen explained that the information was needed to verify some aspect of security for Rapaport (HSBC security system) and I started to enter my date of birth. It was only when I had nearly finished the first line that I realised I hadn't yet logged on hence there's no way the information request could be valid. The obvious aspect that confirms this is not a valid screen is the fact that the screen asks for your PIN which is something banks never do.

It all looks very legit so folks need to be careful, especially when it's first thing in the morning and you're still groggy. I'll be curious to know if anyone else has seen the above?

[chowny77]

I had problems with my ATM debit card. So through contacts back in England (i.e. my mum) she contacted HSBC on my behalf. It turned out that supposedly my card had been compromised and would send me a new one which I just recieved but have not activated yet.

I live in a fairly small town well away from BKK, CM. I doubt anyone where I live have the first idea on how to copy my card but you never know. I think it was just a automated response to me trying to take cash out over my limit, which with the exchange rate can sometimes cause problems.

Thank god my mum was back home to sort out some of the telephone calls otherwise I would have been in deep poop.

[phomsanuk]

Had a similar scam twice on my banks here..

[FalangBaa]

I had the same problem. My HSBC debit card was blocked, so I called the support number and some incomprehensible woman in India told me very rudely that fraudsters had obtained my card details. She reduced my daily ATM withdrawal limit to £200 and flat out banned me from using my card online or in stores; only in the ATM. She also said I have to call her back later and cancel the card, then a new card number will be sent out to my address in the UK and someone will forward it to me here in Thailand. I have no idea how scammers got hold of my card details, but I'm suspecting they got it from the ATM (as they physically insert some kind of device inside the ATM) because I very rarely use my card in stores, except for occasionally in supermarkets if I'm buying more than 4 or 5 thousand worth of foods.

[PattayaParent]

OP, don't you have the new little 'calculator' system from HSBC that you use to generate PIN numbers?

Did you report the web address to HSBC?

[cmsally]

Now after you put in your user ID you have to grapple with the cheap tacky plastic calculator.

Did it pop up before this?

If you think you have escaped these with HSBC offshore , unfortunately not, they will be issuing them shortly.

[eek]

Just received a new card from HSBC after they blocked my ATM (found out when i went to use it).

Called them up and they said my card details had been compromised.

The card is always in a locked drawer, with me being the only one with access to it, and i use it approx once a month at an ATM attached to Kbank or Aeon (and it then goes back zipped up in my bag).

No idea how the card was compromised, but apparently it was.

The card took nearly a month to arrive.

Thank you for the heads up on the hsbc site chiang mai. It definitely wasnt the new log in page for HSBC now that they introduced the (annoying) HSBC pin generator calculator thingy..?

Edit: ahh ok, you didnt the " Log on to Personal Internet Banking" screen initially. Ow.

Edit 2: Sorry if sounds obvious, but you didnt per chance hit the "remember my user ID" box did you? Because then it may take you past the initial log in.

Edited May 3, 2012 by eek

[chiang mai]

OP, don't you have the new little 'calculator' system from HSBC that you use to generate PIN numbers?

Did you report the web address to HSBC?

Yes and yes, but the interesting thing is that the phishing page appeared BEFORE I hit the log in button. So I would guess that as the HSBC home page was called and loading the phishing page was called/sent at the exact same time and overlayed the legit home page. When it's 6am and you're trying to log on to HSBC UK to check something and this very smart page loads and asks you for some info, the sleepyheads amongst might be easily fooled. I found it all pretty sophisticated and very scary.

[chiang mai]

And one more thing whilst thinking about HSBC: anyone that still has funds in HSBC Bangkok and needs to communicate with them, forget it, it aint happening. I've been trying since last Friday to get something done and have sent emails (bounced), sent faxes, called the contact centre and even sent secure messages, still no positive action despite reassuring verbal/message responses. I finally bit the bullet this morning and flew down there and did what I had to do in person, my contact there confides that the closure process is being squeezed, HSBC is keen to get out and BAY is keen to take over so things are falling apart. Also, secure key access has been removed from their website when entering via Global View, that's really scary.

[chiang mai]

Edit 2: Sorry if sounds obvious, but you didnt per chance hit the "remember my user ID" box did you? Because then it may take you past the initial log in.

Fortunately not, phew!

[rakman]

Sounds like the website has been hijacked, which is very, very scary. Or, you could have a virus or some other malware.  In order to get your HSBC bookmark altered would be your DNS or hosts file (on windows: c:\%systemroot%\system32\drivers\etc\hosts; linux /etc/hosts) was compromised.

A phishing attempt is typically off an email that has invalid links. http://en.wikipedia.org/wiki/Phishing

Having your bookmarks altered is a whole new problem, and surprising it was just HSBC.

Check your hosts file and your bookmarks, and run some malware and virus checks.Or, the website has been hijacked, which is very, very scary.

Edited May 3, 2012 by rakman

[chiang mai]

Sounds like you have a virus or some other malware. In order to get your HSBC bookmark altered would be your DNS or hosts file (on windows: c:\%systemroot%\system32\drivers\etc\hosts; linux /etc/hosts) was compromised.

A phishing attempt is typically off an email that has invalid links. http://en.wikipedia.org/wiki/Phishing

Having your bookmarks altered is a whole new problem, and surprising it was just HSBC.

Check your hosts file and your bookmarks, and run some malware and virus checks.

The interesting thing is that my bookmarked HSBC address is correct and the correct site did load, the fake page then loaded at the moment I hit logon to the real site, once I closed the fake page the real site was sat there waiting for me to enter my logon credentials hence it never knew who I was just that I called the HSBC UK site.

I'm pretty certain my hosts file is clean, (it's locked by Avira) my anti-virus software and the virus scan (Avira and a remote Housecall) all run clean. Also, Spybot shows the PC is clean and all software is up to date. Finally, I use Comodo as a firewall and run Hijackthis periodically.

I theorised this was a driveby that targets calls from HSBC UK rather than calls by users to HSBC UK.

[Farma]

Interesting as the HSBC UK main internet banking page now has "This portlet is unavailable" under Log In Welcome to internet banking.

Although clicking the red log on button at the top right of the screen still takes you to a normal looking page requesting your user ID.

[chiang mai]

Interesting as the HSBC UK main internet banking page now has "This portlet is unavailable" under Log In Welcome to internet banking.

Although clicking the red log on button at the top right of the screen still takes you to a normal looking page requesting your user ID.

There's a possibility this is something called ns41 which a is a domain host controller virus, I'm digging into that aspect currently and will report back. If that's what it is the virus sits on the host DNS and not on the client PC.

[chiang mai]

It looks like my PC is free and clear, no viruses or malware on it. It seems more probable that this was a virus that targets calls from DNS so we all need to be alert when using HSBC online.

[chainarong]

Have just logged into my HSBC HK Net bank account from Australia, no problems. Narrows this problem down some what.

[PattayaParent]

I logged onto the HSBC UK website yesterday with no problems.

[chiang mai]

Yep, and I've logged on myself a couple of times since without problems also. But I'm not convinced my experience was an aberation and it has taught me to be a lot more observant and aware in the future, I continue to think that folks need to be very careful.

[chainarong]

Yep, and I've logged on myself a couple of times since without problems also. But I'm not convinced my experience was an aberration and it has taught me to be a lot more observant and aware in the future, I continue to think that folks need to be very careful.

No harm in letting everyone know , there's that much trash out there, all trying to rip people off, beggars belief what tricks they will pull to satisfy their miserable existence

[cmsally]

I've been logging in to HSBC UK from the Uk and no problems.

[Screws]

While we are talking about HSBC, I had over 40,000 Bht equiv. (HKD) in a HK account on Saturday. Tried to draw on Aeon today, could only get 38,000 bht. Somebody is making a pretty penny! Anyone know who is taking the difference? Grateful for any advice - 2.5 to 5% on top is a bit rich.

Looks like TT from the bank to Thailand might be a better deal - if I recall it's about 1,000 baht. Anyone have a better (cheaper) way to bring money in?

[skills32]

While we are talking about HSBC, I had over 40,000 Bht equiv. (HKD) in a HK account on Saturday. Tried to draw on Aeon today, could only get 38,000 bht. Somebody is making a pretty penny! Anyone know who is taking the difference? Grateful for any advice - 2.5 to 5% on top is a bit rich.

Looks like TT from the bank to Thailand might be a better deal - if I recall it's about 1,000 baht. Anyone have a better (cheaper) way to bring money in?

Yeah. Open a paypal a/c in your own country and another in Thailand. Deposit money in the home a/c and transfer it to the Thailand a/c and from there transfer to your Thai bank a/c.

Takes about 10 days but only costs about #5

All up costs about $5

[moonbarman]

I had the same problem. My HSBC debit card was blocked, so I called the support number and some incomprehensible woman in India told me very rudely that fraudsters had obtained my card details. She reduced my daily ATM withdrawal limit to £200 and flat out banned me from using my card online or in stores; only in the ATM. She also said I have to call her back later and cancel the card, then a new card number will be sent out to my address in the UK and someone will forward it to me here in Thailand. I have no idea how scammers got hold of my card details, but I'm suspecting they got it from the ATM (as they physically insert some kind of device inside the ATM) because I very rarely use my card in stores, except for occasionally in supermarkets if I'm buying more than 4 or 5 thousand worth of foods.

I had exactly the same thing happen to me on a trip to bkok recently could not get any money from atm because card blocked had to call uk and they told me the same thing someone had got my details, reduced my daily amount to 200 and said dont use anywhere but atm said they would send me a new card but i told them not to bother as i will be back in the uk in june and sort it out then, so far been ok since no probs but still under restrictions which is a pain in the arse!.