Top of main content
A lock on the keyboard; image used for HSBC Hong Kong social engineering.

What is a social engineering scam?

Criminals use social engineering tactics to hack into your computer or account and steal personal information and money. How do they do this and how does it differ from other scams? We can show you how to prevent it.

What is a social engineering scam?

Social engineering scams are where criminals try to con you using impersonation. Fraudsters attempt to win your trust and trick you into voluntarily disclosing confidential information, or giving them money directly.

This technique is called a "social engineering scam", because scammers use powerful social skills to try and manipulate the psychology of their victims. They use lies to construct a realistic situation to either scare you or excite you. In either case, they hope you'll hand over your personal information and hard-earned money.   

Contact virtual active icon used for hsbc common social engineering attacks.

Common social engineering scams

Scammers commonly use fake phone calls, emails, web pages, chat messages and apps. They might impersonate your relatives and friends or officials from trusted organisaitons such as entities such as  such as banks, telecommunications companies and government agencies. They do it with the intent of convincing you to give them your sensitive personal information such as account passwords.

They usually attack with one of two methods:

  • They cast a wide net

    Some scammers "maximize their scope" instead of "going deep". In this case, they will spread fraudulent information everywhere, using it as bait for potential victims.

    One technique is to post advertisements on social media, promoting investment products in the name of celebrity ambassador who will share investment "secrets" with you. Eventually this will lead to them asking you to give them your personal information such as credit card information, either over the internet or the phone.

  • Spearhead phishing

    However, just because you stay alert to fraudulent advertisements, fake websites and scam calls doesn't mean you are safe. Sometimes, scammers reverse their technique and go deep instead of maximizing their scope. In this case, they will target someone very specifically.

    They may create fake social media accounts, add you as a "friend", and then slowly start asking you for money. These criminals will carefully study your social media posts to understand your preferences, work, experiences and social circles, so they can create an intimacy that will put you at ease and make it easier to trick you into taking the bait.

Security environment icon used for hsbc how to protect yourself.

How can you prevent fraud?

  • Do not disclose your personal information easily

    Scammers will do everything possible to trick you into providing them with your personal information. Remember that an HSBC representative will never ask you to disclose your:

    1. One-time password (OTP)

    2. Account password

    3. Credit Card Security Code

    Never provide this confidential information over the phone, SMS or via email to anyone claiming to be HSBC staff. If you are not certain, please check with us or report it to us directly. Do not use the contacts provided by the suspicious email.

  • Enable two-factor authentication (2FA)

    Please enable two-factor authentication or biometric authentication to protect your account from being stolen. Learn how to enable related features to protect your financial account.
  • Avoid sharing too much personal information on social media

    Be cautious about sharing personal information on social media, which might be used by fraudsters.
  • If you suspect a scam, please report it to us immediately

    If you think you might have encountered fraud, please report it to us immediately. It's fast and easy.

Social engineering attacks are powerful in the way they manipulate human nature and psychology. They come in a surprising number of stories, which makes them tricky to identify. But as long as you stay alert and stay calm, you'll be able to spot the flaws in their lies. For more tips on preventing fraud, please read our "Three rules to prevent fraud" and take a big step towards protecting your data and property.