Here's a screen shot of a phishing email we recently received.
It's not a particularly good one, but the routine is the same. The bank asks you to 'log-in' via the link they provide, to reset your password.
It's an old trick and we would hope very few people would fall victim to this. Clearly the spammer is relying on you being a customer of HSBC, but there is so little branding or instruction that it's far too obvious a hoax.
One immediate flaw which is present in all of these types of email is the use of 'Dear Customer' rather than your actual name.
Notice the tooltip that appears when the mouse hovers over the link (in Apple Mail). Clearly the url has nothing in it to convince us it's legitimately from HSBC. It will run a PHP script which will cause no end of trouble for the unsuspecting victim.
Be aware, be suspicious, be safe (and use a Mac ;) )