Beware the NatWest scam hitting customers

Updated: 

NatWest branchMartin Rickett/PA Wire/Press Association Images

The con artists operating email scams are the lowest of the low. They wait until you are at your lowest ebb, struggling for cash or desperate for help, and then they strike.

So as NatWest customers face their seventh day of trials and tribulations, they have become the targets of a cruel email scam.

The scam

The emails claim to have come from Stephen Hester, the head of RBS, and begins with an apology. This is cashing in on the public apologies he has issued - and the apologetic emails he has sent around to customers during the process, explaining how the problem arose and what they can do.

The bogus email goes on to say that in order to put the systems right, the bank needs to perform a 'security upgrade' which will require all customers to update their security information.


If you click on the link in the email it will take you to a convincing copy of the NatWest site, and asks you to enter your account details - at which point the criminals swoop and extract the cash from your account.

The risks

Graham Cluley, Senior Technology Consultant at Sophos says there is nothing new about this sort of phishing, but adds that this attack is dangerous for two reasons. Firstly it is catching people at their most desperate. He explains: "Most people are cynical about these sorts of emails, simply because they get so many of them, but many are in a different situation this week. They may be waiting for a message from their bank, so when they get one they assume it is genuine and click on the link without thinking."

Secondly, the site it directs people to is very convincing. He adds: "It is so easy to create a convincing copy, because you can steal the code and make it look identical."

Protect yourself

Given that NatWest has sent personal emails to customers, it's easy to see how people could be convinced this is something similar. However, NatWest highlights: "We never send emails asking customers to verify, confirm or update their online banking details. We never ask customers to enter their full PIN and password when logging into online banking – you will only ever be asked for random portions of your security details. We never ask customers for additional information, such as account number, card number or address, when logging into online banking."

Cluley says the usual rules apply when it comes to phishing: be suspicious of all unsolicited emails, be suspicious of anything that asks you to confirm your password, never click on a link in an email (type in the web address you know to be accurate yourself), and keep your spam and anti-virus software up to date as an extra level of security.

The top 10 scams of 2011

The top 10 scams of 2011


More stories

SPONSORED FINANCIAL CONTENT