I’ve just received yet another email stating that an account I don’t actually have has been disabled (i.e. an email phishing for my account login details, on the off-chance I had an account with HSBC).
Normally I’d just delete it, but this one was slightly different for a couple of reasons.
Firstly, instead of pointing me to a website to phish the details, this one included a webpage as an attachment, rather than a link. Even without the other obvious signs, that would ring alarm bells. Here’s what the attachment looked like:
Fill in the details, and your details will probably be used by the spammer to login to your account on the HSBC website.
Secondly, the email tries just too hard to get me to use the form they’ve attached. Here’s the text of the email:
—–
Dear HSBC Online User,
We regret to inform you that access to your online account has been locked.
This happened because of too many failed log-in attempts.
To restore your online account access you can:
1. Visit your local branch and complete the Unlock My Account form (takes several days)
2. Complete the Unlock My Account form online, by downloading and completing the attached form (instant)
Quality service and the security of your account are of great importance to us.
We appreciate each opportunity to serve you.
Sincerely,
Customer Service
—–
It’s that point #2 that really looks desperate, offering instant re-activation of my account, rather than a few days wait should I go into a branch.
Anyway, regardless of the method, the ultimate result was the same – a spam report was sent and the email was deleted.
Always be suspicious of emails from your bank asking you to login, especially if there are links in the email, or even attachments. You should always type the web address in yourself before logging in, to be more sure you’re navigating to the correct website.