Beware Phishing Emails on New Fraud Reimbursement Scheme

Living Magazines Hertfordshire Constabulary

Scammers have been taking advantage of new rules introduced to protect consumers making online payments.

From 7 October 2024, new rules mean that fraud victims who have lost money via Authorised Push Payments (APP) should be able to recover their money due to a new mandatory reimbursement scheme. Under the new rules, all payment service providers must reimburse consumers who lose money to fraud when using Faster Payments (real-time transfers between UK bank accounts).

Which? reported that people have received convincing phishing emails, claiming to be from NatWest, during September, referencing the ‘new UK Consumer Protection rules against fraud’. The email invited customers to ‘verify’ their mobile numbers, ensuring they would ‘get notified of any transactions carried out via your account right away’ and enabling them to ‘report any suspicious payment alerts.’

A closer look reveals that the email was sent from a bogus email address that has nothing to do with NatWest, though this can easily be missed unless you click to check the sender address. Anyone who clicked on the web link provided would have been taken to a convincing copycat NatWest website.

This copycat website has all the correct branding and asks for a customer number or card number, then the PIN and password, home address, mobile number and account details, giving the criminals everything they need to commit identity fraud and potentially hack into accounts.

How to spot phishing emails:

  • Inspect the sender’s email address – right click for more information on the sender’s email address to see if it matches that of a genuine email from the brand it claims to be from.
  • Read the email carefully – look out for impersonal greetings, spelling errors and odd wording.
  • Preview the links before you visit them – don’t click on any link, but hover over the link using your cursor or long-press the link on a smartphone to inspect it before you click on it. If it doesn’t match up with the address of the genuine brand’s website, then it’s possibly a scam.
  • Don’t trust a link just because it looks genuine – copycat websites can be very convincing.
  • Question any demands for personal information or payment – if you’re concerned that it could be a genuine email, you should contact the company directly using its official customer service channels found on its website.

You can report email scams by forwarding the email to report@phishing.gov.uk.