
Beware of fake news about the new fraud refund program


Which? is warning the public to be on the lookout in the coming weeks and months for scams connected to a new fraud refund scheme.

From 7 October 2024, all businesses using Faster Payments (real-time transfers between UK bank accounts) will be subject to the refund scheme for victims of authorized push payment fraud (APP fraud), which means that customers will receive genuine messages about this scheme from their banks and other payment companies.

Fraudsters like to pounce on anything that makes headlines as it makes their fakes harder to spot. Which? has already seen an example of a phishing attack by scammers posing as NatWest.

We expect that there will be additional cases of identity fraud both as the program deadline approaches and during the first few months of the program.

Read on to learn what an example of this scam looks like and how you can recognize such a scam.


Phishing email from NatWest

Which? has discovered a sophisticated phishing email purporting to be from NatWest, informing the intended recipient about “new UK consumer protection rules against fraud” on the evening of 10 September.

Customers are asked to “verify” their mobile phone numbers, which will ensure they are “instantly notified of any transactions made through their account” and can “report any suspicious payment alerts.”

Upon closer inspection, it turns out that the email was sent from “[email protected]”, which has nothing to do with NatWest. However, this can easily be overlooked in many inboxes if you don't click to check the sender address.

Anyone who clicked on the web link provided would have been directed to a convincing NatWest copycat website, shown below.

The copycat website has all the correct branding and first asks for a customer number or card number, then for PIN and password, home address, mobile number and bank account details, giving the criminals everything they need to commit identity fraud and potentially break into accounts.

Fake NatWest website

Report copycat websites

A major obstacle in the fight against fraud is that removing malicious websites and phone numbers can take far too long.

In this case, Which? reported the fraudulent website to the domain registrar (a company that allows individuals or businesses to register and purchase a website), NatWest's press office and Google Safe Browsing as soon as we discovered it on Wednesday 11 September.

However, the malicious website was still active six days later, on Tuesday, September 17, and may have stolen banking credentials and customers' personal information.

Why sharing fraud data is so important

Fraud has devastating consequences both financially and emotionally.

The fight against this horrific crime can only be truly effective with a cross-sector approach. Which? is calling on industries such as the banking sector, social media companies and telecoms providers to work together and share information about fraud cases.

In order to close the gaps in protection, domain registrars must also take action. We recently examined the extent of copycat bank websites in the UK, yet the companies that sell these websites to scammers are often left out of the larger debate.

  • Learn more: Fraud victims with mental health problems are less likely to receive compensation


How to recognize a phishing email

  • Check the sender's email address. Right-click to get more information about the sender's email address and see if it matches a real email from the alleged brand.
  • Read the email carefully – look for impersonal greetings, spelling mistakes and strange wording.
  • Preview links before you visit them – don't click on a link straight away. Instead, hover your cursor over it, or press and hold on a smartphone, to check it before you click. If the address doesn't match the real brand's website, it might be a scam.
  • Don’t trust a link just because it looks real. Copycat websites can be very convincing.
  • Question any requests for personal information or payment. If you suspect that it might be a genuine email, you should contact the company directly through the official customer service channels on the website.

You can report email scams by forwarding the email to [email protected].
