/ Scams

Scam alert: fake NatWest ‘new device registered’ texts

Fake texts claiming to be from NatWest stating that ‘a new device has been registered’ with your account are circulating. Here’s what to watch out for.

We’ve noticed that NatWest customers are being targeted by fake text messages lately, aiming to send recipients through to a website that has nothing to do with the bank.

The texts say that ‘a new device has been registered’ and provide a link to follow. At first glance the text is quite convincing – NatWest is named as the sender and the message doesn’t contain any glaring mistakes:

The people behind the text are hoping that the message will panic you into moving onto the website quickly, without spotting that the URL is not legitimate. When we attempted to follow the link, we were stopped by our browser, which warned us of a ‘deceptive site ahead’ and claimed that it had ‘recently detected phishing’ on the site.

Fake text messages like this have become increasingly common. Legitimate businesses, including banks, do send texts on these subjects to customers, so the formats can be easy to clone. That’s why we launched a guide to SMS Best Practice in September.

The goal is to get a victim to part with sensitive information, such as card numbers and online banking access codes.

Protecting yourself from fake texts

We showed a copy of the text to NatWest, which confirmed that it was not sent by the bank. It’s also been advising members of the public on Twitter on how to deal with them:

NatWest shared its top five tips with us for when you receive a text message asking you to follow a link:

⚠ Never give your Online Banking PIN, password, card reader codes or mobile app codes to anyone via text.

⚠ Do not phone the number included in the message, criminals on the other end might persuade you to give away personal information. You will always find the correct number on the official bank website.

⚠ Real NatWest text messages may contain links to our websites, but, like our emails, never link to pages that ask for any online banking or full card details.

⚠ If you have already clicked on a suspicious link, we advise you to run a scan with your antivirus software to check your device for any malicious software.

⚠ Make sure you have the latest anti-virus software on your device as it helps keep your device secure.

If you believe you may have been the victim of a scam like this, let the bank know via its legitimate channels immediately.

Guide: how to spot a scam

Guide: how to get your money back after a scam

Remember, fake texts can also be forwarded to Ofcom’s spam reporting service 7726 (spells SPAM on the keyboard).

Have you received fake text claiming to be from banks in early 2022? Have you noticed an increase in this type of phishing attempt? Let us know in the comments.


The Which? SMS Best Practice Guide states: “Don’t use hyperlinks unless absolutely necessary – scammers rely on getting people to click on links so it’s best if companies don’t use them at all. However, in some situations, including links can be more convenient for consumers, so in these cases businesses must use easily verifiable URLs so consumers can check they are legitimate.”

Even if legitimate businesses avoid hyperlinks in texts, scammers do not, as this example shows.

Some companies and other organisations seem to manage fine without using hyperlinks in their text messages and I wonder if this convenience has had its day.

If banks are going to address their customers with “Hiya . . .” then it’s no wonder people fall prey to scammers.

Some of the most insidious scams are based on the “if this was not you . . .” formula. Anything along those lines should be treated with the utmost caution because it is nearly always based on a false premise and setting up anxiety leading to a panic reaction.

lilian says:
13 January 2022

i constantly get phone calls claiming to be from amazon, i shop very often on amazon but they ring me even at 6am telling me someone has spent 700 pounds on my account but it is a scam , but i am sick of it

I too get the same claiming to be from amazon, As soon as the message starts claiming to be from amazon i shut it down.

I had two calls from “Amazon” at 6 pm. A third call at the same ungodly hour I left unanswered. I’ve not had any since.

Sorry! The calls were at 6 AM in the morning!

I’d never buy a luxury egg! A bar of chocolate is much more economical by comparison

The above comment relates to the ‘Spotlight Poll’ adjacent to the introduction to this Conversation titled “How much would you typically spend on a luxury Easter egg?“.

Easter is not until the middle of April this year so I don’t understand why this poll has appeared now or why it invites readers to “tell us in the comments” if they have other ideas on the price brackets.

I note that a quarter of people doing the Poll believe it is possible to get a luxury Easter egg for under £5.

There are times when I wonder whether Which? is feeling alright.

It’s annoying that retailers offer coupons, entry to competitions, etc via clicking a hyperlink in an email (which often contains a non-personalised greeting such as “Hiya”, as pointed out by John Ward).

I set up an online account every time I purchase from a new seller, and would expect to be able to log into the account and find the incentives there, if they are genuine.

Mrs Susan Furness says:
13 January 2022

Do not order from “Lotren Online Store”. I was about to place an order, until the checkout directed me to a page which asked me to log in to my bank account, rather than taking my credit card info. No way!! Unfortunately they now have my name and address, though, as it happens, the address was mistyped so I’ll recognise anything which comes from them. Further checks confirmed this is a scam website. They emailed me to thank me for my order, which I did not place, and say it is being processed. I await further developments, but hope there will be none.

Thanks for reporting this, Susan.

The advice seems to assume that all bogus hyperlinks are of the phishing type, asking the recipient to part with personal information. But there is another category of hyperlink, which loads malware onto the recipient’s device immediately it is clicked on, without further action needed. This second type is even more insidious. Have I understood the situation correctly?

Sheila Bennett says:
13 January 2022

I had a similar text message about my account with Santander. As I don’t have an account with them I just deleted it.

John Druce says:
13 January 2022

I had a bill on the email purporting to come from ‘Brilliant Energy’. This is an energy firm that I was with and collapsed about a couple of years ago. I did of course ignore this email and just deleted it.

I had the nat west new device msg started to respond . But then contacted Nat West security by phone. They confirmed my account was still OK but to change some information. I also have no been constantly getting msg from curry s but delete right away.

Martyn says:
13 January 2022

I received message from Halifax telling me A NEW PAYEE has been added to your account AT 13/1/2022 ON 11:49. If this was NOT you please confirm at: https://web-secure portal.com/halifax .I did click on this link, it came up with a warning that the web address is blocked. I checked my phone for any security breech but no problems showed up. Having seen the NatWest scam, it confirmed my suspicion that my phone message was a scam

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot fraudulent website. ]

Pam V says:
13 January 2022

I had a text supposedly from NatWest confirming that I had set up a new beneficiary on 11/01. It asked me to visit natwest.login-effect-mobile.com. I don’t even have a NatWest account!!

My wife had one of these yesterday from SANTANBANK which wasn’t very convincing.

Luke received this response from NatWest:

⚠ Real NatWest text messages may contain links to our websites, but, like our emails, never link to pages that ask for any online banking or full card details.

@ljeffer – Hi Luke – As a NatWest customer I am not happy about the bank using any links in their emails or text messages because there is a small possibility that these could be scams. I would prefer that they sent simple texts or emails that advised me to log onto my account and check for messages.

That would apply to any email and message. At present, the best advice is not to click on a link unless you are absolutely sure of the sender, but how many people wll that advice reach or be taken notice of?

With email spoofing commonplace, how many could be sure of the sender? Is it not better for responsible organisations to phase out their use of links?

Of course, if that were universal. My suggestion was what to do meantime.

I accept that, Malcolm, but I think we have to push more to get businesses and other organisations to tackle fraud. It has been said that sending texts and emails with links is convenient for resetting a password. That’s undoubtedly true but there are alternatives and thankfully some companies are using them.

I would like to know where there is a necessity or strong advantage in using links in texts and emails.

Many of us protected ourselves from misdirected transfers by copying and pasting account numbers and sort codes and sending trial payments, but the real step forward was when the banks eventually introduced Confirmation of Payee to protect us.

I would like consumers to fight for improvements and adoption of best practice as long as the requests are reasonable.

i keep getting junk emails from random names with messages like “here are the pictures – hope i am not too late sending them – and then a bitly link.”

I’ve taken screenshots of the messages and managed to ID the Brazilian email addresses they have emanated from! Not reported them yet.

PS I never click on the links.

rgradeless says:
17 January 2022

I use Spamcop to report suspect emails. The email can be reported to Spamcop which analyses the email to find out who (actually) sent it. It provides a message for the webmaster(s) of the offending site(s) which you can send. Spamcop maintains a list of offending originating domains which some email servers use to mark emails from that domain as spam. Setting up to use Spamcop takes a bit of time to prevent your own ISP being reported on. To report an email you send the message source to Spamcop. For instance, in Windows Live Mail right-click on the email in the folder, click on Properties, then select the Details tab and click Message Source … . This reveals the message source which can be pasted into Spamcop. Getting the message source takes just a few seconds. It can take up to 6 or so seconds for Spamcop return its analysis. You can then decide whether to report the email as spam.

This type of message only serves to show how important the understanding and correct application of the English language is i.e. “if this was not done by you” – long may it be before scammers use English grammar correctly. The misuse of the word ‘done’ and poor grammar sadly proliferates (especially) from those commentating on football and seemingly many from the East End of London and Essex.

Please don’t educate these people, scammers appear to mimic them which means it gives us a better chance of spotting their sickening attempts to scam the innocents.

Jakey says:
18 January 2022

I wouldn’t buy a ‘luxury’ Easter egg full stop.

Rosina Moment says:
27 January 2022

I received a text from NatWest telling me I had gone over my overdraft limits and should pay in cash to avoid charges. checked my account in case I had been scammed but all was ok so I ignored the text. This was last week

Rose Williams says:
12 February 2022

I had the same last wk as well so called from nat West

Rose Williams says:
12 February 2022

If I get a text I go round to nat West to make sure it’s of them