SINGAPORE: A few weeks ago, my mobile phone rang with an incoming call from a local number. “Hello, I’m Alvin Lee with the HSBC anti-fraud department,” said the caller.
Now, I’ve had fraudulent charges made to my credit cards in the past, incidents I managed to resolve with bank officers on the phone. However, I don’t have an account with HSBC – so like any other scam-fatigued Singaporean, I was immediately suspicious.
One little detail stopped me from hanging up right away: He had a local accent.
“I don’t have an HSBC account,” I replied cautiously.
“But you applied for an HSBC Advance Credit Card using your Singpass on Dec 4?” he asked. I hadn’t.
He then rattled off my exact NRIC number and full name. “How did you get my information?” I asked.
“All this information came into our system when you – or someone else I guess – used Singpass to purchase this credit card,” he replied.
Can we use Singpass to buy credit cards? I tried to Google this, but he was already moving on: “Your Singpass seems to have been compromised. Did you click on any malicious links in the past six months, or scan any suspicious QR codes?”
Instead of answering his questions, I asked: “Where are you calling me from?”
He replied, without missing a beat: “Oh, from our HSBC headquarters at 21 Collyer Quay.” I immediately Googled “HSBC Singapore headquarters” and that was the first address that popped up – although in the moment, I missed one small but crucial detail: That location belongs to HSBC Capital (Asia).
