Security researchers from Griffin Law discovered that HSBC bank customers in the U.K. are being targeted by a new smishing campaign, which is intended to trick them into entering their bank login credentials.
The researchers stated that the smishing attack, also known as an SMS phishing attack, begins with a fake text message that claims to be from the bank, notifying the recipient of a new payment made via the HSBC mobile app from the victim’s device. The message asks users to visit the site Security.hsbc.confirm-systems.com to report the payment if they did not make the transaction. If a user clicks on the link, it redirects them to a phishing site that impersonates the legitimate HSBC bank site and asks them to enter their account login credentials and other personally identifiable financial information (PIFI). Griffin Law received complaints from around 47 people saying they had received fake text messages. The attackers also sent phishing messages to users who did not even use the HSBC app.
Several industry experts warned that hackers often use smishing techniques to steal financial information from victims by attracting their attention with unauthorized payment messages.
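The link in the reported message places the brand name in a subdomain of an unrelated domain. The following added example, which is not code from Griffin Law or HSBC, flags such hosts in an SMS body; the allow-list of bank domains, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains the bank actually uses; keep this list from the bank's own guidance.
LEGIT_DOMAINS = {"hsbc.co.uk", "hsbc.com"}
BRAND_TOKENS = {"hsbc"}
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

# Constructed sample, modelled on the message the article describes.
SAMPLE_SMS = ("HSBC: a new payment was made via the mobile app from your device. "
              "If this was NOT you, visit Security.hsbc.confirm-systems.com to report it.")

def host_of(token):
    """Return the lowercased hostname of a URL or bare host, or '' if it has none."""
    if "://" not in token:
        token = "http://" + token
    try:
        return (urlsplit(token).hostname or "").rstrip(".")
    except ValueError:
        return ""

def classify_host(host):
    """Label a hostname: legitimate, brand-impersonation, or unrelated."""
    # Legitimate only if the host IS an allowed domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # The brand appears in some label, but the host is not under the bank's domains.
    if any(tok in label for label in host.split(".") for tok in BRAND_TOKENS):
        return "brand-impersonation"
    return "unrelated"

def scan_sms(text):
    """Return (host, verdict) for every link-like token in an SMS body."""
    results = []
    for token in text.split():
        host = host_of(token.strip(".,;:!?()<>\"'"))
        if HOST_RE.fullmatch(host):
            results.append((host, classify_host(host)))
    return results

if __name__ == "__main__":
    for host, verdict in scan_sms(SAMPLE_SMS):
        print(f"{verdict:20} {host}")
```

The suffix comparison is what matters: a host counts as the bank's only when it ends in an allowed domain, so a brand name appearing earlier in the hostname does not make it trusted.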
Cyberattack on HSBC
Earlier, HSBC officials revealed that some of its U.S. customers’ bank accounts were compromised. The bank stated the incident affected 1% of its American clients after cyber miscreants allegedly accessed customers’ names, addresses, dates of birth, bank account numbers, account balances, statements, transaction histories, and payee details. HSBC temporarily suspended internet banking access for the affected customers to prevent further loss and reported the incident to the California Attorney General’s Office. Further, the bank improved the authentication process of its online banking and also provided the users with a complimentary subscription to credit monitoring and identity theft protection services.