Email fraud or 'phishing'
What is email fraud or ‘phishing’?
- Phishing is contact made by email.
- The fraudster impersonates a well-known business or government department to get you to click on a link and enter personal details or open an attachment.
- Scare tactics are often used, so you’ll act without thinking.
- Phishing emails are sent to thousands of email addresses in the hope that some people will act. They don’t usually contain personalised information.
What to look out for
- Be wary of emails with attachments or prompts to open links. These might take you to fake webpages or infect your computer with malware.
- When you receive an email, check it for signs that it may not be from who it claims to be from. Is the email address the same as the one the company usually use?
- Check the grammar and spelling. This can be a big giveaway of a scam email.
- Remember, we’ll never ask you to enter your full PIN and password details on any website.
- Watch out for any prompts to click on links or to download a file. Something like ‘Verify/update your account details’ is likely to take you to a copycat website to fill in your confidential details.
- Check if the email is personalised. Does it have information like your name, your postcode or part of your account number? If there’s no personalisation, treat it with suspicion.
Actions you can take now
- Share this page with employees and colleagues, so they know what to look out for. Put training in place and build a culture of security awareness. You can use our webinars and resources to help.
- For the latest cyber security advice and resources, visit the National Cyber Security Centre (NCSC).
- If someone does fall victim to a phishing scam, encourage them to speak out. The quicker it’s identified, the sooner you can act.
- Forward any suspicious emails referring to NatWest to firstname.lastname@example.org. Most large companies will have their own mailbox for reporting phishing emails.
Always think twice and make double checking second nature
Take Five to stop fraud
Take Five is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations.