04 June 2020

How to protect your business from becoming a victim of fraud or scams: Malware and phishing trends

The Coronavirus (COVID-19) outbreak has resulted in hackers wanting to take advantage and get ahead of the current situation and defraud people and companies.

Over the latest weeks, Coronavirus / COVID-19 related phishing campaigns have become a more constant practice for fraud.

By taking advantage of the growing emergency situation and panic among the population, hackers have created effective techniques for fraud, incorporating fake web pages, malware and fraudulent links. For this reason, banks have been noticing higher hacking activity, malware and cyberattacks against consum-ers. From HSBC’s perspective, strategies for fraud detection are in constant review and are being adjusted in accordance to the market’s behavior in order to protect the assets of our clients.

Consumers in general

Not only financial services organizations have been victims of this issue, also small, medium and large companies can be victims of this type of fraudulent campaigns. To avoid being a victim of fraud, we suggest staying alert to the following type of scams:

  • Phishing*

    You may receive e-mails that lead to web sites where confidential personal or financial information is requested. Some of these e-mails might look as if they come from a legitimate source but they are designed to steal your personal information and use it to access your accounts.

  • Malware

    Is malicious codified software with the intent to affect private or corporate computers. Hackers usually use this type of software to redirect on-line banking users to fake websites and perform fraudulent transactions. Malware is usually delivered by phishing e-mail or fraudulent links.

Protect your company from cyberattacks.

Thematic phishing increased in March 2020 and it has been a surprising development caused by anxiety over the global pandemic. Hackers have exploited this to promote their malicious objec-tives.

Modus Operandi

When it comes to phishing It is important to mention that even though the coronavirus subject has expanded, there has been no change in tactics, techniques and procedures used by hackers. They keep sending the same malware or basic product links to malicious phishing sites used to cheat their victims into providing personal information. The most common phishing example uses a hy-brid subject between HSBC and coronavirus. Hacker’s purpose is to redirect victims to a fake HSBC website where they are cheated to provide private information without knowing it. Again, this tactic is no different of other lures where they try to legitimatize their malicious intentions using the HSBC logo.


Lessons Learned / Proactive strategies for risk mitigation

For coronavirus subject phishing HSBC uses a tool to scan and block malicious e-mails identified on the web. Over 228,000 malicious e-mails have been blocked this year, many of which were phishing intents and some with coronavirus subject. The automated process from our cybersecurity team to identify this malicious e-mails allows the Threat Detection and Monitoring team to investigate and stop threats by avoiding possible connection with our systems infrastructure. Its worth mentioning that no increase in this type of threats has been noticed in spite of the constant anxiety caused amid the coronavirus.

Scam Examples
How to maintain your business secure
  • ackers are creating fake websites, social media ac-counts and e-mail adresses that claim to be selling medical supplies that are currently highly demanded and they ask for unusual payment methods such as in advance payment by money order, bank transfer or in-ternational funds transfer.
  • Never share financial or company information with people you don’t know.
  • They are also creating and manipulating mobile apps designed to track the propagation of the coronavirus / COVID-19 to insert malware that will compromise electronic devices and user personal information.
  • Never click on links, text messages or e-mails and never open any at-tachments unless you are sure they are secure.
  • They use fear to hack health companies and health professionals by using rescue articles. Among a wave of undesired SMS messages with offers around masks, survival guides and compatible medical treat-ments such as CBD oils.
  • Be careful with the information you share on social media because it can provide hackers with several pieces of information that allows them to create a more wide image of yourself.
  • At HSBC we will never ask for your password, personal or financial in-formation, or ask you to move funds to a secure account.




Send any suspicious e-mail to report.phishing@hsbc.com, afterwards delete the e-mail from your inbox and reach out to your account executive.


This webpage does not include all the terms and conditions applicable to the products and services offered by Banco HSBC S.A., this is only an informative and non-binding marketing material which is presented exclusively to you for your consideration. The information in this webpage is subject to change without notice. This webpage has been prepared and issued by Banco HSBC S.A., and is provided to you for informational purposes only.

© Copyright 2020. Banco HSBC S.A.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.