Email Scams

NatWest Phishing Emails: Spot a Fake NatWest Email (UK)

Scammers are sending fake NatWest emails that look almost identical to real bank messages — here's how to tell them apart.

· · · 5 min read

NatWest phishing emailfake NatWest emailNatWest scam emailis this NatWest email realNatWest verify account emailNatWest unusual activity emailNatWest smishing emailreport NatWest phishing
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.

What a fake NatWest email looks like

A NatWest phishing email imitates the bank so you click a link and give away login details, card details, passwords, one-time codes, or personal information. An example of the style is an email from a display name such as NatWest with a subject like Unusual activity detected on your account, followed by a button saying Restore access.

The pretext changes - a blocked payment, a new device, a locked account, or a security check - but the goal is to rush you onto a fake NatWest sign-in page. The link may point to a lookalike such as natwest-secure-verify.example. Check through the NatWest app or website yourself, not through the email.

Why these NatWest emails fool people

Phishing emails can copy NatWest branding, and the visible sender name can be set to almost anything. Link text can look like a real NatWest address while leading somewhere else. A message can also come from a compromised mailbox, so checking only the sender display name is not enough.

NatWest says scam emails often impersonate trusted organisations and advises customers to avoid clicking links, QR codes, and attachments from unknown sources. NatWest also says it will include some personal details in its emails, such as part of your name and postcode. That makes a generic urgent email more suspicious, but the safest check is still to go to NatWest independently.

Signs a NatWest email is phishing

  • A generic greeting such as Dear Customer, especially with urgent pressure.
  • The sender address is not clearly NatWest-owned, or a link points to an unfamiliar domain.
  • It pushes you to verify, restore, secure, or unlock your account through a button.
  • It asks for your password, PIN, full card details, one-time passcode, or bank account details.
  • It tells you to move money to a new or "safe" account.
  • It includes an unexpected attachment or QR code.
  • Spelling and layout errors can help, but polished emails can still be scams.

How the NatWest email scam works

First, an email lands that looks like a NatWest security alert. Second, it pushes you to click a link or open an attachment. Third, the link opens a copycat login page or form. Fourth, anything you type is captured by criminals. Fifth, the fake page may ask for a one-time passcode so the criminals can approve a login or payment in real time.

Checking through the NatWest app, by typing the address yourself, or by calling the number on your card stops the scam before you hand over details.

How to check if a NatWest email is genuine

Do not click links or open attachments in a suspicious email. Instead:

  • Open the NatWest app and check messages and account activity there.
  • Type natwest.com yourself, or use a trusted bookmark.
  • Call the number on the back of your card.
  • Use 159 if you need a safe route back to your bank. Stop Scams UK lists NatWest as a 159 participant.
  • If the email cannot be confirmed independently, treat it as suspicious.

Our guide on Is This Website a Scam? A Practical Checklist Before You Buy helps you check a suspicious linked site, and our NatWest Scam Texts: How to Spot a Fake NatWest SMS (UK) guide covers the same scam by text.

If you clicked or shared details

Act quickly. If you entered login details, card details, or a one-time code, contact NatWest immediately using the app, 159, or the number on your card. Tell them you may have been phished and ask them to secure the account and check for payments, new payees, or changes you do not recognise.

Change your NatWest password only through the official app or website. Change it anywhere else you reused it. If you shared card details, ask for the card to be stopped and reissued. If you opened an attachment, run a security scan.

If you sent money by UK bank transfer on or after 7 October 2024, mandatory APP fraud reimbursement rules may apply to Faster Payments and CHAPS transfers. The PSR rules include a 13-month claim window, a maximum claim amount of £85,000, possible exclusions, and a possible excess of up to £100. Report the scam to NatWest as soon as possible and keep the email and related messages.

If you gave away personal information that could be used for identity fraud, consider Cifas Protective Registration at cifas.org.uk and monitor your credit reports with Experian, Equifax, and TransUnion.

How to report a fake NatWest email (UK)

Forward the suspicious email to the NCSC at report@phishing.gov.uk. NCSC says it can analyse reported emails and the websites they link to, and work to remove malicious links where found.

Report suspicious NatWest emails to phishing@natwest.com, as NatWest advises. If the same scam reached you by text, forward the text to 7726.

If you lost money, shared sensitive information, or were hacked, report it to Report Fraud at reportfraud.police.uk or on 0300 123 2040 if you are in England, Wales, or Northern Ireland. In Scotland, report to Police Scotland on 101.

Frequently asked questions

Does NatWest send emails with links?

Genuine bank emails can contain links, so a link alone is not proof of a scam. The safer rule is not to use email links to log in, confirm details, enter one-time codes, or move money.

How can I tell who really sent a NatWest email?

Check the full sender address and links, but do not rely on those checks alone. Sender names can be faked and links can be disguised. Verify through the app, by typing natwest.com, or by calling the number on your card.

I clicked the link and entered my details - what now?

Contact NatWest immediately using the app, 159, or the number on your card. Change your password through the official app or site, stop your card if card details were shared, and report any payment you did not make.

Can I get my money back after a NatWest email scam?

Possibly. Report it to NatWest immediately. APP reimbursement rules may cover eligible UK bank transfers over Faster Payments or CHAPS made on or after 7 October 2024, subject to the PSR rules, limits, and exclusions. Card payments have different protections, such as chargeback.

How do I report a fake NatWest email?

Forward it to report@phishing.gov.uk and phishing@natwest.com. If it also came by text, forward the text to 7726. If you lost money, report it to Report Fraud or to Police Scotland on 101 if you are in Scotland.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.

Reporting routes in this guide are checked against our verified canon of official UK sources — Action Fraud, the National Cyber Security Centre, and Citizens Advice — by an automated accuracy gate before publication. Fact-checked and updated by , Founder & Editor, on 2026-06-28. Read about how Beat the Scam writes guides.