Beat the Scam Scam checks, alerts, and consumer protection guides
Home / Guides / Email Scams / NatWest Phishing Email Scam: UK Guide to Spotting Fake Messages
Email Scams

NatWest Phishing Email Scam: UK Guide to Spotting Fake Messages

Scammers are sending fake NatWest emails that look almost identical to real bank messages — here's how to tell them apart.

Published 2026-04-27 · Beat the Scam Editorial Team · 7 min read

NatWest phishing emailfake NatWest email UKNatWest scam emailphishing email bankhow to spot fake bank emails
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.
On this page
  1. What is this scam?
  2. Warning signs to look for
  3. How this scam works step by step
  4. How to verify if it is genuine
  5. What to do if you have already interacted
  6. Reporting this scam in the UK

What is this scam?

NatWest phishing emails are fake messages that appear to come from NatWest, one of the UK's largest banks. Scammers send these emails to trick customers into clicking malicious links or downloading attachments that steal banking credentials, personal details, and money. These emails typically claim there's an urgent problem with your account — such as suspicious activity, a blocked card, or a security update needed — to create panic and rush you into action without thinking carefully. The goal is always to get you to either enter your login details on a fake website, provide sensitive information directly, or install malware. NatWest customers are frequently targeted because the bank has millions of users, making these scams effective at scale.

Warning signs to look for

  • Generic greeting such as 'Dear Customer' or 'Dear User' instead of your actual name or account number.
  • Urgent language demanding immediate action: 'Your account will be closed', 'Verify within 24 hours', or 'Unusual activity detected'.
  • Links that don't match NatWest's official domain — hover over any link and check the URL doesn't include 'natwest.com' or shows a suspicious domain like 'natwestsecure-verify.com' or similar variations.
  • Asking you to confirm or enter passwords, PINs, security details, or card numbers — NatWest never asks for these by email.
  • Poor spelling, grammar, or formatting that looks unprofessional or rushed.
  • Sender email address that's not from @natwest.com — check the full email address, not just the display name.
  • Attachments claiming to be documents, statements, or forms — legitimate NatWest emails rarely include attachments.
  • Requests to call a number provided in the email or click a link to phone customer service rather than using the official number on your bank card or statement.

How this scam works step by step

First, scammers research NatWest's branding, email templates, and typical customer messages to create convincing fakes. They then send thousands of emails to potential victims, using generic greetings and urgent subject lines like 'Immediate Action Required' or 'Unusual Account Activity'. The email contains a link that appears to go to NatWest but actually leads to a fake website controlled by the scammer — a site that looks almost identical to the real NatWest login page. When you click the link and enter your username, password, or card details, the scammer captures this information in real-time. Some phishing emails also contain attachments with malware that installs a keystroke logger, which records everything you type on your computer, including banking passwords. Once the scammer has your credentials, they log into your real NatWest account, change your security settings, transfer your money, or use your identity to commit fraud. By the time you realise what's happened, the money is often already gone or the account has been locked by the scammer.

How to verify if it is genuine

Never click links in emails claiming to be from NatWest, even if they look official. Instead, open a new browser window and go directly to natwest.com by typing the address yourself or using a bookmark — this ensures you reach the real website, not a fake one. Log in to your NatWest account via the official app or website and check for any alerts or messages in your secure message centre. If you're concerned about account activity, call NatWest customer service on the number printed on your bank card or statement — never use a phone number from the email. Real NatWest emails will contain your name, reference numbers, or specific account details; generic greetings are a red flag. You can also check NatWest's official social media accounts or website to see if there's a warning about current phishing campaigns. For more detailed guidance on spotting fake websites, read our guide on /guides/is-this-website-a-scam/.

What to do if you have already interacted

If you've clicked a link or downloaded an attachment, act immediately. First, change your NatWest password right now using the official app or website — don't use a computer that may be infected. Call NatWest on the number on your bank card (not any number from the email) to inform them you may have been phished; they can flag your account and monitor for fraudulent activity. Check your account for unauthorised transactions and freeze or cancel your debit and credit cards if needed. Run a full antivirus scan on your computer using Windows Defender, Malwarebytes, or Norton to remove any malware. If you've given away your Personal Security Number, PIN, or card details, tell NatWest immediately so they can protect your account. Monitor your bank statements closely for the next few months for any suspicious transfers or purchases. Contact Action Fraud on 0300 123 2040 to report the phishing attempt. Consider enabling two-factor authentication on your NatWest account for extra security.

Reporting this scam in the UK

Report the phishing email immediately to the National Cyber Security Centre (NCSC) by forwarding it to report@phishing.gov.uk — include the full email headers if possible. This helps the NCSC track phishing campaigns and take down fake websites quickly. You should also report the scam to Action Fraud, the UK's national fraud reporting service, by calling 0300 123 2040 or visiting actionfraud.police.uk — they log reports which help law enforcement identify patterns and prosecute scammers. Inform NatWest directly by reporting the email through their official channels: use the 'Report Fraud' option in the NatWest app or website, or call the fraud team. If the phishing email came with a suspicious text message, forward it to 7726 (free from any UK mobile). You can also contact Citizens Advice consumer helpline on 0808 223 1133 if you need guidance on next steps or have lost money. Keep a record of the fake email, the URL you were directed to, and any emails from the scammer for evidence.

Frequently asked questions

Is NatWest a legitimate bank or is it a scam?

NatWest is a real, regulated UK bank owned by the NatWest Group and is absolutely legitimate. However, scammers frequently use NatWest's name and branding in fake emails to trick customers into revealing information. The scam is not NatWest itself — it's criminals impersonating NatWest to steal from real customers. Always verify any NatWest email by contacting the bank directly using the number on your card, never by clicking links in the email.

What should I do if I've already sent money to a scammer?

Contact NatWest immediately on the number on your bank card to report the fraud and ask them to freeze the account the money was sent to. Time is critical — if the scammer hasn't withdrawn the funds yet, NatWest may be able to recover them. Report the fraud to Action Fraud (0300 123 2040) and your local police — you'll need a crime reference number for your insurance and bank records. Most banks can only recover money if the fraud is reported within a few hours, so act fast.

Why do NatWest phishing emails often mention 'unusual activity' or 'verify your account'?

Scammers use these phrases because they create urgency and fear, making you less likely to think carefully before clicking. Mentioning 'unusual activity' or 'security verification needed' mirrors real bank alerts, which is why the emails look so convincing. Real NatWest alerts will never ask you to click a link or enter details — they'll direct you to log in to your account directly or call the bank. If an email creates a sense of panic, that's often a sign it's fake.

How do I report a NatWest phishing email?

Forward the suspicious email to the NCSC at report@phishing.gov.uk to help shut down the fake website. Report it to NatWest using their in-app fraud reporting tool or by calling the number on your bank card. File a report with Action Fraud on 0300 123 2040 or via actionfraud.police.uk. These reports help authorities identify and stop phishing campaigns, protecting other customers from the same scam.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.