NatWest “Secure Message” Scam Email

A scam email is doing the rounds claiming to contain a Secure Message from NatWest.

Do not open this email, as it will download malware to infect your computer.

At first glance it looks very convincing, as it appears to come from a genuine NatWest email address (the sender address on an email is easily faked). The professional wording and layout, the normal warnings about not giving out your full password/PIN that you would expect in a bank email, and even genuine contact details for the FSCS are all designed to fool you into thinking it is genuine.

But there are some clues that this is a fake:

  1. The most obvious clue is the attachment – particularly the .doc extension on the attached file.  This indicates an older version of a Microsoft Word document, which can easily incorporate a virus or software components to access your computer’s data.
  2. A genuine secure message from your bank would involve logging onto your account via their official website.  No bank, public body, company or any other reputable organisation would ever send a secure message in an attachment – and certainly not in a Word document.
  3. The “secure message” expires more than a month before the email was sent!
  4. The FSCS is one of those acronyms many people have vaguely heard of and is included to make the email seem more credible.  But it means Financial Services Compensation Scheme, which is hardly relevant to a secure message from your bank.
  5. Another clue in this particular instance is that it was received on an email address that had only ever been given to the Sunday Times Wine Club and had never been given to NatWest. The recipient gives each organisation they deal with a separate email address in order to help identify where data breaches occur.
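Clues 1, 3 and 5 can also be checked mechanically by a mail filter or a help desk triaging reported messages. The sketch below is an added example, not part of the original email or any NatWest tooling; the sample message, the `.example` addresses, the alias table and the "expire on" wording are all constructed assumptions.

```python
import re
from datetime import datetime
from email import message_from_string, policy

# Constructed sample: every address, date and phrase here is invented.
SAMPLE = """\
From: NatWest <secure.message@natwest.example>
To: wineclub@recipient.example
Date: Mon, 20 May 2019 09:15:00 +0000
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You have a new secure message. It will expire on 12 April 2019.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="SecureMessage.doc"

AAAA
--b1--
"""
# Hypothetical per-organisation aliases: address -> domain it was given to.
ALIASES = {"wineclub@recipient.example": "sundaytimeswineclub.example"}
# Assumed expiry wording; the real email's phrasing is not on the page.
EXPIRY_RE = re.compile(r"expire\w*\s+on\s+(\d{1,2} [A-Za-z]+ \d{4})")

def triage(raw, aliases=ALIASES):
    """Return (code, detail) findings for clues 1, 3 and 5."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Clue 1: legacy .doc attachment (only its name is read, never opened).
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".doc"):
            findings.append(("legacy-doc-attachment", name))
    # Clue 3: expiry date stated in the body is earlier than the Date header.
    body = msg.get_body(preferencelist=("plain",))
    match = EXPIRY_RE.search(body.get_content() if body else "")
    if match and msg["Date"]:
        expires = datetime.strptime(match.group(1), "%d %B %Y").date()
        if expires < msg["Date"].datetime.date():
            findings.append(("expired-before-sent", str(expires)))
    # Clue 5: alias handed to one organisation, sender claims another.
    rcpt = msg["To"].addresses[0].addr_spec.lower() if msg["To"] else ""
    sender = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    if rcpt in aliases and sender != aliases[rcpt]:
        findings.append(("alias-mismatch", f"{rcpt} given to {aliases[rcpt]}"))
    return findings
```

Calling `triage(SAMPLE)` returns all three findings for the constructed message; a message from the expected sender with no `.doc` attachment and a future expiry date returns an empty list.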

If you receive a suspicious email appearing to be from NatWest you can report it to them using the email address: phishing@natwest.com.  Other financial institutions will have an equivalent email address, typically phishing@ + their domain name.

You can also report this type of email to Action Fraud.