TOT: HSBC scam letter

The bloke who collects scrap metal round here was telling me he'd had a letter purporting to be from HSBC bank plc. It said that someone had attempted to access his account on the phone, but failed to 'complete our security procedures'. So would he fill in the form giving his name, address, passwords, etc. The whole package was apparently very convincing, including a handsome HSBC brochure detailing the firm's services.

There is, however, one big give-away. He doesn't bank with HSBC.

About a week later my aunt rung. "I've had a letter from the bank..." She'd taken the letter into town and shown it to HSBC where she banks.

The clerk had looked at it, then consulted her computer, then said, "Yes, someone attempted to access your account at 5.21am on the 6th, but they failed to give the password."

My aunt has never used telephone banking; in fact she didn't know there was such a thing. However the clerk said that she was all set up for it. Aunty came away confused. I've suggested that she goes back to the branch and asks for the password details, to see if that reveals anything.

Bill

Reply to
Bill Wright
Loading thread data ...

Local radio was warning people about bogus attempts to get password details from HSBC customers a couple of weeks ago and there are similar warnings on their internet banking web sites. The usual rules apply - they will never ask for your password or log on details.

Colin Bignell

Reply to
Nightjar

Was it addressed to him though? HSBC seem to be a bit prone to having customers that forget to move their credit cards when they move home or more accurately a system that holds two contact addresses - which can lead to an old one being used for emergency contact notification!!!

I had one addressed to a Mr G Brown at my address having lived here for most of fifteen years. I got notified of a dodgy transaction on an HSBC credit card I knew nothing about. Suspecting stolen identity I took it to the bank only to discover that a previous resident had been a Mr G Brown (no relation) and that his HSBC credit card had very recently been compromised. They acted to alter his credit card contact address - there must be two since I never saw any of his credit card statements.

Another interesting gotcha with the "Barclaycard (In)Secure" card protection service when you move house is that you have to notify the (hidden) provider of your change of address or you will be charged in perpetuity for a service that sends a complete list of all your old credit cards to your former address and charges you for this so called "service". When challenged they cite the data protection act.

They can't give her the password only force a reset and send her a new initiation code. HSBC online banking requires a magic widget and as such is relatively secure unless the token is physically stolen. They also recommend you use Rapport anti-key logging software (but I have a suspicion that it destabilises IE9 even more than it is already).

Reply to
Martin Brown

Or so they say. They should never do it especially for PIN & password. When you ring them some do ask for a pair of letters from it.

But it doesn't stop them from cold calling and demanding me to prove my identity to them (I refuse and we get a nice off script bind). I always assume that anyone ringing me about banking is a hostile player. IF they will tell me what it is about I will ring them back on a published number and if they won't I instruct them to put it in writing and remember that all calls are recorded for "Training Purposes".

And they will never send you links to their site in an email either - don't make me laugh, they do it all the time. They will do anything to generate more income from their suckers^d^d^d^d^d^ customers.

Interest rates are a whopping 0.01% on some accounts now.

Reply to
Martin Brown

...snip...

Not sure about this HSBC one but there were some "rather good" scam letters circulating where I live recently claiming to be in relation to wills for relatives in Asia. One was sent to my elderly neighbour who had indeed served in Asia during WW2 and the letter named a relative correctly, although the name was a common one so it could have been a guess.

It had all the smell of a scam though, as it proved to be when a work colleague received an identical letter (different recipient and relative's names) a few days later.

So if you're "in the know" not too hard to spot, but given it was a well typed, grammatically correct letter with enough detail to seem plausible, it did get my neighbour thinking. Fortunately he asked me first but I'll bet some in his position wouldn't have.

Paul DS.

Reply to
Paul D Smith

I've had that Rapport thing installed for quite sometime on the VM I only use for internet banking. Doesn't appear to have caused any issues with IE9.

Reply to
WCZ

If there is one thing a bank will never ask for in a scam e- or snail-mail it's a password. Though having said that Coventry Building Society do something odd but their login system is so complicated I've forgotten all the bits required to do it.

They won't (or shouldn't!) give them to her. I suggest she goes to the bank and gets them to disable telephone and online banking as she doesn't use them and they are an now obvious security risk. Also take a letter (and keep a copy) stating that and give it to them as well as talking to them to get the access disabled. The letter is so that if her account does get hacked, she can point at the letter and say "How? Give me all my money back."

Reply to
Dave Liquorice

...

I have an entirely separate security password for use when speaking to them on the telephone.

Technically, it isn't a cold call, as you deal with them. However, my account is annotated that I don't want sales calls and I don't get any.

Again, at my request, they don't send me emails either.

Colin Bignell

Reply to
Nightjar

According to IT staff at work Rapport is a pain in the a**e.

MBQ

Reply to
Man at B&Q

I think that's the one with the grid of letters and numbers that you have to quote from.

MBQ

Reply to
Man at B&Q

I agree, that sounds like the best advice of all. If she doesn't need it or want it, have it permanently disabled, and the creator of the access will be denied any use of it. The bank should also try to catch him when he does try, at least by noting where he 'phones from. I recently had a new Debit card issued to me from HSBC, they wouldn't tell me why, just gave the impression that a bunch of account details had been compromised. I didn't notice that news on the TV News.

Reply to
Davey

So change to a bank that has a clue, and don't leave money lying around in a non-interest paying current account. A lot of people are their own worst enemies when it comes to money management.

MBQ

Reply to
Man at B&Q

It happens frequently, and is often reported somewhere, if not on the mainstream TV news channels.

Usually it is because the bank has learned (possibly through patterns of fraud) that a particular merchant has been compromised, and they re-issue cards to any customers who have transacted with them during the relevant period.

Reply to
David Taylor

If *you* call *them* the situation is entirely different, because you will have used a bona fide phone number so you know who you are talking to. The golden rule is never to forget who initiated the call. If *they* called

*you*, no matter how pleasant they sound or whatever they're offering, you must assume you don't know who they are (unless you recognise the individual from a previous call of course).

One of the ploys of some cold-callers is to keep you talking (extolling the merits of whatever they're trying to flog) for a so long that by the time they ask for your details they hope you'll have forgotten that you don't know them from Adam.

Rod.

Reply to
Roderick Stewart

Maybe its an inside job.

Brian

Reply to
Brian Gaff

It happened to my Citibank card in the US at least three times, but each time, it was part of a big news item, I was one of thousands, if not more, each time. This was the first time it has happened to me in two years in the UK, so I was expecting similar news coverage. I asked for more details, but they referred me to the HSBC Fraud Squad, and I haven't got round to contacting them yet. I am expecting it to be linked to some particular merchant, but since they haven't told me such, hopefully the issue is sorted now. I can't steer clear of the merchant if I don't know who it is. I also read that the HSBC account card can be de-coded/by-passed, by somebody serious enough. I personally preferred the older system whereby you had a long series of digits, and you needed to enter three specific digits when requested; with this card thingy, I can't get access if I don't have it with me. Pros and cons, as always.

-- Davey.

Reply to
Davey

I've now seen the paperwork. The return envelope is addressed to a Coventry box number. The only mistake in the whole thing is that 'Box' is given as 'Pox'.

Bill

Reply to
Bill Wright

Hmm, speaking as a postie, I wonder if the IB would be interested. The IB is the Post Office Investigation Branch. Normally they will claim to be "transparent" meaning you can do what you like with a P.O. box number but if this is a fraud they may want to know. Of course it could be a private box number at one of those shops with boxes.

Either way the best thing to do with it is to let the bank know what is going on and they can take it from there.

Reply to
Phil Cook

Yes, there is a bit of cardboard involved. If you forget your username and passowrd I think you are stuffed as you need the other to get a reminder of one. The reminder or reset comes via snail mail.

Reply to
Dave Liquorice

I don't object to that.

What I do object to (and my Visa supplier has done it twice this year) is having the card blocked without anyone telling me it has been done. On one of the occasions, I tried to use the card three days later (I wasn't spending much!) and found it was blocked. Phoned them and they said "Oh yes, we did that on Wednesday. You'll get a new card in a few days".

Reply to
Bob Eager

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.