NatWest has issued an urgent warning to its customers about a sophisticated phishing scam circulating via email. The fraudulent messages attempt to trick recipients into handing over sensitive personal and financial data by falsely claiming that biometric logins are becoming a legal requirement.
How the NatWest phishing scam works
The scam emails, which have been targeting households throughout December 2025, contain a deceptive link. They instruct customers to click through to set up a biometric login, such as facial recognition or fingerprint access. The messages fraudulently state that this action is mandatory from 22 December 2025, citing new guidelines from the Financial Conduct Authority (FCA).
However, this claim is entirely false. While the FCA does require banks to implement Strong Customer Authentication (SCA)—which can include verification codes sent to a mobile phone—it has not made biometric logins a legal necessity. NatWest confirms that while it offers a biometric login option via its app for convenience, it is not compulsory.
Protect yourself: Steps to take
Customers are urged to ignore the demands of these emails. Clicking the link poses a serious risk of exposing your private data to criminals. The National Cyber Security Centre (NCSC) classifies such communications as phishing emails, designed to impersonate reputable sources to steal bank details, passwords, or credit card information.
NatWest and authorities advise the following protective measures:
- Never share personal data in response to an unsolicited email.
- Check the sender's display name against the actual email address carefully.
- Be suspicious of impersonal greetings like "hello friend".
- Do not click on links or download attachments if you have any doubts about the email's authenticity.
How to report fraudulent emails and websites
If you receive a suspicious email, you can help combat fraud by forwarding it to report@phishing.gov.uk. Suspicious websites can be reported directly via the National Cyber Security Centre's online portal.
NatWest reiterates that it will never ask customers to share sensitive personal information via email. Anyone who believes they may have fallen victim to this scam should contact their bank immediately.
