This morning, I received an SMS message which stated that my account had been locked up and asked me to login to verify with a given link (http://activation-hsbc.com/cgi).
I inspected the "login" page and found that it would redirect you to your real local HSBC Personal eBanking Login page. However, your credentials would be logged by javascript and you would be redirected to Deep Web (or Dark Web) where all your real ebanking transaction sessions would be hijacked.
The phishing website domain was registered yesterday and the data show that it is from Russia (may be fake). The IP address of the server is 185.151.245.43. The URL http://185.151.245.43/cgi will show the same content.
I think that it may be a global HSBC phishing website. Beware!
That's all! See you.
(Update) After 4 hours of the reporting : I got the following confirmation email from HSBC :
Dear Customer
Thank you for your e-mail of 17 July regarding an SMS you received
claiming to be from HSBC.
We confirm that the SMS in question is NOT genuine HSBC message. We have
reported this matter to our relevant department for their attention and
necessary action.
To safeguard your interests, please do not reply or click the link
inside the SMS. Please delete the SMS immediately.
Thank you once again for taking the time to bring your concern to our
attention. We are pleased to be of service.
Yours faithfully
Cxxxxxxa Wong
Senior Customer Support Officer
Retail Banking and Wealth Management
The Hongkong and Shanghai Banking Corporation Limited