Fraudsters are at it once again, tricking personal banking customers into divulging their personal information. This time, they’re targeting customers who bank with NatWest, sending out fake text messages under the guise of an official NatWest security team alert. They’ve already been successful in their money grab, conning at least one woman out of over £100. Read on to discover what this scam entails and how to keep yourself safe.
Unfortunately, this is one of the most authentic-looking scams we’ve seen in a long time. As you’ll likely be aware, any text messages received from a contact are stored within the same chain of messages under that contact’s name, providing they are not deleted. Well, fraudsters have managed to make their fake text messages appear within the same message chain as previous, genuine messages received from NatWest, meaning that it would appear they are part of the same conversation with genuine bank operatives.
How does the scam work?
First, a little background on how the fraudsters have achieved such a clever – if dishonest – trick. If you're operating a business, or even if you're not, then you can set up something called an 'alpha tag'. This allows you to send and receive text messages from and to a name, rather than a number. When you receive genuine messages from your bank, mobile phone carrier or television package provider for example, you’ll probably be used to seeing the name of the company as opposed to a phone number.
Somehow, the fraudsters involved in this scam have managed to spoof (reproduce) the 'NatWest' alpha tag, allowing them to insert their own messages into the same chain as previous conversations with the bank itself. Rather than genuine advice or information, the message contains a link to a malicious replica version of the NatWest website, which then asks you for personal information, including your address, card number and PIN; all the information that a fraudster would need to make countless online purchases using your account.
How to separate genuine messages from fake texts
Whether you’ve received text messages from NatWest in the past or not, you’ll still see the sender appear as ‘NatWest’ at the header of the fake messages, so you can’t simply delete your old message chains to protect yourself. However, there are other key points to be aware of that will help keep you and your money safe. Simply remember the following points:
- Genuine text messages will never ask for your PIN or password(s);
- Banks will never ask you to transfer money to another account “for safe keeping”;
- You will never be expected to click on a link to update your personal information.
Unfortunately, fraudsters like to play on our emotions to elicit a more emotional, uncontrolled response, and encourage us to act without thinking properly. This is likely why they’ve chosen to refer to a ‘suspicious login’ in their fake texts, in the hope that you’ll blindly follow their false link to update your details. If you do feel concerned that a text could be genuine and your account at risk, never click on a link or dial a number contained in the text; instead, call the number on an official letter or statement, or on the back of your debit card.
Finally, if you receive the template text message shown above in the picture and are sure it’s a spoofed message, then NatWest ask that you forward it onto the number ‘8835’, which the bank will use to monitor the situation.
Beware the phone call
Though you may be able to spot the text a mile away now that you’ve read the above information, you should be wary of potential phone calls that may make the situation seem even more believable.
Action Fraud have highlighted a single instance where the fraudsters have been successful in conning a woman of £130. The victim ignored the first message received, but was brazenly targeted by a follow-up telephone call. The caller claimed that a 6-digit code would be sent to the woman’s phone to verify the identity of the caller, and that they would require the number.
It was in fact the security code that allows you to use the ‘Get Cash’ function of the NatWest mobile app, a feature that allows you to withdraw money in an emergency without having your physical card with you. Upon checking her online banking, the victim discovered £130 to be missing.
Speak to WiseGuys
If you’re unsure as to whether a text message is genuine, then please don’t click on any links or respond to any of the messages. If you’d like some general advice or help with a specific message, you can speak to WiseGuys on 0808 123 2820.