HSBC UK have warned its customers that fraudsters are tricking people into disclosing their bank passcodes, giving them the ability to spend thousands in online purchases.
The bank is urging people never to reveal their one-time passcode (OTP) to others, after recording an increase in related scams.
In August it said scams involving suspected disclosed passcodes increased by 25 per cent compared with March.
Someone may be prompted to enter a passcode to authenticate a transaction when using their card online. The code is texted to the customer, who then enters it on the retailer’s website.
But HSBC warned that fraudsters are calling customers pretending to be from banks or other trusted organisations and requesting an OTP, which they can then use to make a transaction.
At the moment there have been more than 3,000 cases of this type of fraud being successful in the last six months.
Often, scams start with a bogus text message, tricking people initially into entering their card details before scammers then make further contact with the victim and request the OTP code.
One HSBC UK customer received a text that seemed to be from DPD, which said it was trying to deliver a package.
She clicked on the link within the text and was sent to a page she felt looked legitimate.
Within the page, she was asked to input her card number, sort code and account number. She was asked to pay a small fee.
Following that she received a call appearing to be from HSBC UK, claiming the bank was aware of a suspected fraud.
She was asked to disclose an OTP code to recover funds, not realising this was authorising card transactions.
It was only afterwards when realised she had not been speaking to the bank after she received a genuine call from HSBC UK to question the transactions.
Another scam involved a customer receiving a text that appeared to be from Royal Mail to arrange a redelivery.
After inputting card details, he received a call from someone purporting to be from HSBC UK’s fraud team.
The caller advised they could stop transactions by using a code that the customer would receive, which the customer then shared, but this was the OTP code.
This meant high-value transactions were authorised on the card.
He only realised it was a scam when he received a text from HSBC UK saying he had breached his overdraft limit.
David Callington, head of fraud at HSBC UK, speaking to the PA News Agency, said: “If someone calls you and asks for your one-time passcode, hang up straightaway, it’s a scam.”
HSBC UK said its customers will receive a warning in texts containing their OTP instructing them to never share the code, even with bank staff or police.
Customers can also choose to verify transactions in the bank’s app, instead of receiving an OTP.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here