10th January 2018
We have received reports about fraudsters sending out a range of messages purporting to be from NatWest that lead to websites harvesting personal banking information.
Fraudsters are using specialist software which alters the sender ID on the message so that it appears as if it’s come from NatWest, adding it to any existing message threads on the recipient’s phone.
If you already bank with NatWest and had a legitimate message from them in the past this could easily catch you out. It seems to be targeting individuals regardless of whether they are customers of NatWest or not.
If you click on the link you’ll be taken to an exact replica of the NatWest website that asks for sensitive personal information including full name, address, contact details, PIN and debit card numbers.
This is known as smishing. Smishing is when criminals pretend a message is from your bank or another organisation you trust. They will usually tell you there has been fraud on your account and will ask you to deal with it by calling a number or visiting a fake website to update your personal details.
Fraudsters are also using social engineering when text messages don’t work
Interestingly some victims have also received calls purporting to be from NatWest after receiving these scam text messages. One woman reported receiving a fake text message like the ones above that urged her to “avoid account suspension" - which she ignored.
Later on that day she received a call from a withheld number on her mobile phone from a fraudster posing as a member of the NatWest security team. The fraudster said she would be sent a text message with a 6 digit security code and once she received it to immediately tell him what that code was.
The text came through instantly whilst she was still on the phone and she gave the fraudster the code. This was in fact a genuine NatWest message which contained a warning not to disclose the code.
The victim then got a real text from NatWest to say a different mobile number to her own had been registered to her NatWest mobile banking app. After the victim immediately checked her app she found £130 had been removed via the Get Cash function. NatWest are investigating the fraud.
A genuine bank or organisation will never contact you in this way. Only give out your personal or financial details to use a service that you have given your consent to, that you trust and that you are expecting to be contacted by. Take Five to stop fraud.
Report fraud and cyber crime and receive a police crime reference number.
Sign up for free to Action Fraud Alert to receive direct, verified, accurate information about scams and fraud in your area by email, recorded voice and text message.