Fake NatWest email falsely claims FCA is making biometric login mandatory

Impersonating: NatWest

What is this scam?

Phishing emails impersonating NatWest falsely tell recipients that the Financial Conduct Authority has made biometric login — using a fingerprint or facial recognition — mandatory for all online banking customers. The email creates urgency by implying the recipient must update their login method immediately to avoid losing account access. Clicking the link leads to a fraudulent site designed to harvest banking credentials and personal details. The FCA does require Strong Customer Authentication but has not mandated biometric checks, and NatWest never sends unsolicited emails with embedded login links.

Example scam message

NatWest: Important update regarding your online banking access. The Financial Conduct Authority has introduced mandatory biometric login requirements for all UK banking customers. To comply with new FCA regulations and maintain uninterrupted access to your NatWest account, you must register your biometric details by 15 July 2026. Update your login settings now: natwest-biometric-update.xyz/register

Red flags to look out for

  • The message creates urgency — threatening a fine, missed delivery, or account closure.
  • Links lead to unofficial domains that don't match the real company's website.
  • You weren't expecting this message and can't verify the event it references.
  • It asks you to confirm payment details or personal information via a link.
  • The sender's number or email address doesn't match the company's official contact.

What to do if you receive this

  1. Do not transfer money — your bank will never ask you to move funds to a 'safe account'.
  2. Hang up and call your bank directly on the number printed on the back of your card.
  3. Report it to Action Fraud at actionfraud.police.uk.
  4. If you've already transferred money, contact your bank immediately and ask about the APP fraud refund scheme.
Received this message? Forward it to 7726 (free on all UK networks) to report it to your mobile provider. You can also report it to Action Fraud or email the NCSC at report@phishing.gov.uk.

Not sure if your message is a scam?

Check it instantly with our free AI-powered detector.

Check a message now
← Back to all latest scams

Source: Which?