Main logo
Login
Main logo

Working together to help prevent fraud

Verify you are on an official HSS webpage

Fraud affects businesses of every size, and everyone has a role to play in preventing it. Criminals can impersonate trusted organisations using convincing emails, invoices, statements, payment reminders and websites. They may copy genuine branding, use the names of real employees and create email addresses or website domains that look very similar to legitimate ones.

This page provides the current list of domains approved for use by HSS Proservice, our current payment status, our official verification contacts and guidance on checking unexpected communications.

A logo, employee name, email signature, account reference or professional-looking document is not, by itself, proof that a communication is genuine. If something you’ve received is not from a domain listed on this page, or something does not appear right, please pause and contact us directly before taking any action — we're happy to confirm.

Best practice - Familiar branding, an employee name or a link to a genuine HSS website does not, by itself, prove that the rest of a communication is genuine. Always check the sender’s complete address and independently verify sensitive or payment-related requests.

Current HSS Proservice payment status

Please continue to use the HSS ProService payment details that your organisation has previously verified and holds in its approved supplier records.

HSS ProService may occasionally update its banking arrangements as part of normal business activity. Any genuine change will be formally communicated, published on this page with a clear effective date and available for independent verification through our Cash Allocation Team.

Never amend HSS ProService payment details, update your supplier records or redirect a payment based solely on an email, invoice, statement or attachment.

Status last reviewed: 17 July 2026

How genuine changes will be communicated

Any genuine change to our payment arrangements will:

  • Be communicated through authorised HSS channels.
  • Be published on this page with a clear effective date.
  • Provide customers with a way to verify the change independently.
  • Allow customers to follow their normal supplier, payment and approval controls.
  • Never require a customer to disregard a bank warning or beneficiary-name mismatch.
  • Never require a customer to bypass their organisation’s normal authorisation procedures.

Until a change has been published on this page and independently verified, do not amend the payment information held in your systems or redirect a payment.

Official HSS website domains

The following domains are approved HSS website domains:

  • hss.com
  • hssproservice.com
  • hsstraining.com

A third-party or associated website domain should only be included when HSS has confirmed its use and purpose.

Being listed as an official website domain does not automatically mean that the domain is also approved for sending email. Approved email domains are listed separately below.

Approved HSS email domains

Emails from HSS may be sent using the following domains:

  • hss.com
  • t.hss.com
  • cs.hss.com
  • hssproservice.com
  • speedy.proservice.co.uk

The important part of an email address is the information following the @ symbol. For example: name@hss.com

An address containing extra words, additional characters, a hyphen, a different ending or a spelling variation is a different domain unless it appears in the approved list above.

Do not rely solely on the displayed sender name. A message can display “HSS”, “HSS Accounts” or the name of an HSS employee while having been sent from an unrelated email address.

Official payment-verification contact

For HSS account, invoice and payment queries, contact:

HSS Cash Allocation Team
cashallocation@hss.com

Telephone: [insert central payment-verification telephone number]

When checking a communication, start a new email and type cashallocation@hss.com yourself.

Alternatively, call the central telephone number published on this page or another HSS number that your organisation already knows and trusts.

Do not use telephone numbers or email addresses contained only in the communication you are trying to verify.

Do not simply reply to a suspicious or unexpected email.

HSS uses a central team for payment enquiries. You do not need to depend on the availability of a particular individual to verify a payment request.

How to check an HSS email

Check the full sender address

Open or expand the sender details so that you can see the complete email address. Do not rely on the displayed name.

Pay particular attention to everything following the @ symbol and compare it with the approved email-domain list on this page.

Check links before opening them

On a computer, hover over a link to view its destination. On a mobile device, press and hold the link to preview it.

Check the full destination carefully. A link may include the letters “HSS” without being an HSS website.

Where you are uncertain, do not use the link in the message. Type one of our official website addresses directly into your browser and navigate to this verification page.

Check the request, not just the appearance

A genuine-looking logo, signature, account number, employee name or attached document is not proof that a communication is genuine.

Be particularly cautious where a message:

  • Requests payment to new or different bank details.
  • Asks you to change the HSS details held in your supplier records.
  • Creates unexpected urgency.
  • Threatens the immediate suspension of an account or service.
  • Asks you to bypass your normal approval process.
  • Tells you not to speak to your usual HSS contact.
  • Asks you to disregard a bank warning or beneficiary-name mismatch.

Verify independently

Any request involving new or different payment instructions should be checked separately with our Cash Allocation Team before money is transferred or supplier records are changed.

What HSS will and will not do

HSS may contact customers regarding invoices, account balances and payments.

However:

  • HSS will not expect customers to change bank details on the strength of an email alone.
  • HSS will not object to a customer independently checking a payment request.
  • HSS will not ask customers to disregard a warning from their bank.
  • HSS will not ask customers to bypass their established payment-approval procedures.
  • HSS will not regard branding, a signature or an attached document as sufficient verification of a change to payment instructions.

Any permanent statements about passwords, one-time security codes or card information should only be added after the relevant HSS operational and IT policies have been confirmed.

Frequently asked questions

Why does HSS publish a list of verified domains?

HSS may use different approved domains for different websites, brands, communication systems and service providers.

Publishing the current list in one permanent location enables customers to check a communication independently. It also allows HSS to update the list when an approved service or domain changes.

Does an HSS email always have to come from @hss.com?

The current approved email domains are shown on this page.

At present, hss.com is an approved HSS email domain. Any additional approved email-sending domains will be added to the table before they are used for customer communications.

If a sender’s domain is not listed, treat the message as unverified and contact us independently.

Examples of fraudulent email addresses

Fraudsters often create email addresses that look very similar to legitimate company domains. At a quick glance they can appear genuine.

Examples include:

  • accounts@hss-co.uk (extra word added)
  • payments@hss-co.com (different domain extension)
  • creditcontrol@hss.c0m (uses the number "0" instead of the letter "o")
  • accounts@hss-group.co.uk (additional wording)
  • finance@hsss.com (extra letter added)
  • accounts@hsspay.com (completely different but similar-looking domain)

The examples above are for illustration only and do not represent genuine HSS domains

What is the difference between an email domain and a website domain?

An email domain is the part of an email address following the @ symbol.

A website domain is the main address shown in your browser.

A domain can be approved for operating an HSS website without being approved for sending HSS emails. That is why this page lists them separately.

What is an HSS subdomain?

A subdomain appears before an approved domain.

For example, an address in the format:

service.hss.com

ends in the approved domain hss.com.

By contrast:

hss.com.some-other-site.example

does not end in hss.com and is not an HSS domain.

Customers should still compare any subdomain with the live approved list on this page.

An email uses an HSS logo and the name of an HSS employee. Is it genuine?

Not necessarily.

Names, job titles, signatures and logos can be copied. Always check the full sender address and independently verify any unusual or payment-related request.

An email includes a link to an HSS website. Does that prove the email is genuine?

No.

A fraudulent email can include genuine links alongside fraudulent contact details or payment instructions. Check the sender’s full email domain and independently verify the actual request.

What should I do if an email appears to come from someone I know at HSS?

Continue to apply the same checks, particularly where the communication involves:

  • New or different bank details.
  • An unusual payment request.
  • A change to supplier records.
  • Unusual urgency.
  • A departure from your normal process.

A known account or email conversation can potentially be compromised. Verify sensitive requests separately with our Cash Allocation Team.

What should I do if a domain is not listed?

Do not reply to the message, make payment, change your records or use the contact information supplied in it.

Start a new email to cashallocation@hss.com or call the central telephone number published on this page.

Does HSS ProService ever change its bank details?

Yes. Like other businesses, HSS ProService may occasionally update its banking arrangements.

Any genuine change will be formally communicated, published on this page with an effective date and available for independent verification through our Cash Allocation Team.

Never update our payment details on the strength of an email, invoice, statement or attachment alone.

How will I know whether a change is genuine?

Before changing your supplier records or making a payment to a new account:

  • Check that the sender’s domain is listed on this page.
  • Check that the change and effective date are shown in the current payment-status section.
  • Independently contact the HSS Cash Allocation Team using the details published on this page or details already held in your approved records.
  • Check the beneficiary name presented by your bank.
  • Complete your organisation’s normal supplier-data and payment-approval process.

These checks should be completed before any change is made.

Can I verify a change by replying to the email?

No. Start a new email to cashallocation@hss.com or call a trusted HSS telephone number.

Replying within the same conversation could continue a communication that has been created, intercepted or controlled by a fraudster.

Is an email from an approved HSS domain automatically genuine?

An approved domain is an important check, but it should not be the only check used when payment details are involved.

Any request involving new or different payment instructions should still be compared with the current status on this page and independently verified.

What should I do if an email and this page contain different information?

Do not make payment or amend your records.

Contact HSS independently using the official details published on this page. Do not use the telephone number, email address or payment details contained within the communication that created the discrepancy.

What should I do if my bank shows a beneficiary-name warning?

Pause the payment.

Do not disregard a Confirmation of Payee warning, account-name mismatch or other warning displayed by your bank. Independently check the payment details with HSS before continuing.

What should I do if I have already made a payment?

Contact your bank immediately and explain that the payment may have been made as a result of fraud.

Then contact the HSS Cash Allocation Team using the details on this page.

Retain the original email, attachments, payment information and any subsequent correspondence. Do not delete or alter them.

What should I do if I have opened an attachment or followed a link?

Do not provide any further information or make payment.

If you entered a password or security information, contact your organisation’s IT or security team immediately and follow its account-security process.

If you disclosed banking information or made a payment, contact your bank immediately.

How can I report a suspicious HSS communication?

Forward the original message as an attachment to:

[insert central fraud-reporting or security mailbox]

For payment-related concerns, you should also contact:

cashallocation@hss.com

Page last reviewed: 17 July 2026, 10:28
Payment-status information maintained by: HSS Finance
Approved-domain information maintained by: HSS Information Security