Top of main content

Received an SMS?

Review our security guidelines to avoid common scams

If you've received an SMS or text message that appears to have come from HSBC, please exercise caution before replying or clicking on any links.

Criminals may send messages that appear to be from us, or other institutions such as your internet provider, the government or the police.

These messages can often look very realistic, and some may even direct you to a website that looks virtually identical to our own. Their goal is often to trick you into entering sensitive information so that they can gain access to your accounts. 

What to do if you receive a suspicious text

If you receive an SMS that you believe is suspicious:

Don't:

  • click on any links contained in an SMS
  • download any attachments
  • reply or call back

Do:

  • report the message to us at phishing@hsbc.bm
  • if you wish to check whether or not a message you have received was genuine, call us using one of the numbers listed on our Contact us page

Messages HSBC might send you

Some genuine messages that we might send to you via SMS include:

Card alerts

If you have subscribed to HSBC Card Alerts, you will occasionally be sent messages to advise when your credit card has been used to make purchases based on parameters that you have set up - for example if your card is used outside Bermuda.

One-Time Passwords

As an extra layer of security, we will occasionally ask you to enter a One-Time Password before logging into online banking. We will provide this password via SMS.

A genuine text message from us will NEVER contain a link. Please do not click links received in SMS that claim to be from us. Instead, visit hsbc.bm directly or use the official HSBC Bermuda mobile banking app if you would like to log in and check your accounts. 

Common scams to watch out for

Scammers are creating increasingly sophisticated fake messages, some of which may look very convincing.

They will usually look very similar to a message you might expect to receive from us, or another trusted organisation.

Typically, they will:

  • encourage you to take urgent action
  • ask you to verify new payees, transactions or devices
  • include links to URLS which resemble hsbc.bm but are slightly different, such as hsbc-bm.com or device-hsbc-bm.com, or hidden behind generic URL shorteners such as bit.ly
  • look similar to real messages. They may show up in the same thread as genuine messages you've received from an organisation

The following messages are known frauds that have been sent to our customers, claiming to be from HSBC.

If you receive a message that looks like any of the following, do not respond to them and do not click on any links contained in the message.

HSBC: There has been a login attempted from a new device. If this was NOT you, please follow the steps: device-hsbc.bm.com

HSBC: We have temporarily restricted access on your account due to suspicious activity, to re-authenticate visit hsbc-bm.com

A new payee “MR ADAMS” has been added today. If this was NOT you, please visit hsbcalert-bm.com

Your order BM621*** is ready, pay the shipping costs now or your package will be returned to the sender. https://bit.ly/312jMkJ

Ticket ID: OTk5NjE1Mzg

Trusted numbers

If you receive a call or an SMS and you’re unsure whether the sender is really from HSBC, the safest thing to do is to hang up and call us back on one of the trusted numbers listed on our Contact us page.

A genuine HSBC employee will not be offended if you decline to provide personal information requested over the phone or by SMS, so you should be extremely cautious if a caller becomes irate or attempts to pressure you into doing so. If in doubt, hang up and call us back on a trusted number. 

Listening to what you have to say about our services matters to us.