Several HSBC websites are subject to scripting flaws that create a possible mechanism for crooks to create more convincing phishing scams.
Security blog xssed.com has posted a list of affected domains, which include HSBC sites in multiple territories including the UK. Xssed has been tracking problems on the bank’s sites since last year. The bank has been taking up to two months to fix problems, with issues pointed out to it in May still unresolved.
Flaws in the Greek HSBC website and its flagship .com site were added earlier this week.