Preface: Not the first time heard that cyber criminals mimics email from bank to hunting the victims.

Historical record: HSBC’s “Payment Notification” malware email was discovered in 2018.
These emails are designed to confuse people’s vigilance and use the HSBC brand name to reduce the defensive awareness of email recipients. An “auto-generated” email suggests that you open an attachment to view the payment proposal document.
If you open the attached Microsoft word file, you will be prompted to enable macros. If you do allow, a malicious macro will run in the background, The macro will download and install malware on your computer. I believed that cyber criminals hunting the mobile phone users this round.

Staying alert: For more details, please refer to official announcement for reference. https://www.about.hsbc.com.hk/-/media/hong-kong/en/news-and-media/200205-website-hsbc-warns-against-phishing-email-eng-20200205.pdf