HSBC Bermuda launches free online software to protect against phishing
HSBC Bank Bermuda customers will soon have access to free security software that will protect them against phishing and other online scams.
“Phishing” is the term used for when fraudsters try to acquire information like usernames, passwords, bank account numbers of credit card details by sending you an e-mail that looks like it’s from your bank. The email will often prompt customers to click on a link that takes them to a phoney website with a look and feel almost identical to that of their bank’s. Customers are then directed users to enter their username and password into the fake website and before you know it, their bank details have been compromised.
Raphael Simons, who heads the security and fraud risk department for the HSBC Bank Bermuda says “phishing” is a term he often avoids when speaking to customers.
“It’s very interesting because a lot of people don’t know what phishing actually is. I think a lot of people believe it’s simply a communication which comes in and they immediately put in their username, password and memorable question into the actual e-mail, not realising that it’s that link that they click on that takes them to a site that looks exactly like ours is the actual phishing site,” Mr Simons said.
“So the one thing that I learned very early on when we first started experiencing phishing e-mails was not to use the word ‘phishing’ to our customers. Because most people, they think they know what it is, and if I said, ‘Did you receive a phishing e-mail?’ They’d say, ‘Oh, no. I know all about it. I read about it in The Royal Gazette. There’s just no way I would’ve given someone my information,’” he said.
“So I started to just say things like, ‘Did you receive an e-mail that looked like it came from the bank?’ and strangely enough, that bit ‘that looked like’ they miss. What they hear is, ‘e-mail from bank’. And so they say, ‘Yeah, I received an e-mail from the bank.’ ‘What did you do with the email?’ and they’ll say, ‘Well, I clicked on the link …’ ‘And what did you do after that?’ ‘I put my information in and it took me to your webpage.’ And I say, ‘Really? And what did you do then?’ ‘Well, it kicked me back out.’ Because it wasn’t the bank’s page. That is what is known as a phishing e-mail and you just gave up your information,” he said.
Mr Simons says the real key is to get people to understand that if you click on something and you think it’s the bank, it’s probably not if they’re asking you for your username and password. He says your bank — whether its HSBC or any other bank on the Island — would never ask you for banking details in e-mail or send you a link to enter them online.
What’s worse, Mr Simons said, is that phishing e-mails can also contain links that are infested with malware or spyware. Malware and spyware are types of software programmed by fraudsters to disrupt the operation of your computer and can allow them to gather sensitive information or gain access to private computer systems.
“If you click on the [phishing] link, a lot of those links carry what we refer to as “payloads” and the minute you click on it, it downloads malware to your system which means, I’m in your computer and whenever you log in, I’m going to have your username and password,” Mr Simons said.
In the next week or so, HSBC Bermuda customers will have access to a free security software download called Trusteer Rapport, which will alert them if they are about to open a fraudulent website that looks like HSBC’s.
“For those customers that are still going to click on that link from the phishing e-mails, if they have Trusteer, it will run in the background of their browser,” Mr Simons said. “So once you’ve downloaded it, you don’t have to do anything else — there are no settings, no virus definitions to update — Trusteer will do it all.
“So, in the event that a person gets that link, thinks it’s from the bank and they click on it, and it sends them to a page that looks like the bank’s and they start to put in their details, Trusteer will flag it and say, ‘Hey! This isn’t your bank’s website. Do you wish to continue?’ Trusteer will also protect customers from any malware that may sit on their system as well and take it off their system where it can,” Mr Simons explained.
The new security software checks that you are using the real HSBC Bermuda website and blocks all known malware that targets online banking.
It is easy for customers to see that they are protected when the Trusteer Rapport icon within their web browser is green.
“HSBC Bermuda is excited about introducing this new technology that helps to protect customers from online scams,” said Miguel DoCouto, head of direct and contact centres.
“Trusteer Rapport adds valuable security when you log on to personal internet banking and is part of our “layered” approach to online protection — which will soon include the HSBC Security Device for internet banking users.”
Mr Simons said while Trusteer will protect customers from fraudulent sites, it is vital you use it alongside other antivirus software and a firewall, as it is not designed to replace your other antivirus protection.
“I like to tell people to download some sort of malware protection and our customers can actually get that for free through our website.
“Make sure it’s installed, always running and automatically updates virus definitions — keep it current,” Mr Simons said.
If you ever think your account with HSBC has been accessed online by someone other than yourself, the bank says you should contact them immediately on 299-5959.
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service