Don’t use natwest.co.uk for online banking, Natwest bank tells baffled customer
British customers of High Street banking brand Natwest are being advised not to use the domain natwest.co.uk – by none other than Natwest itself.
Reg reader Dan Mygind, while doing some routine online banking, spotted a rather alarming certificate error while trying to visit natwest.co.uk.
That error – a common name mismatch error usually associated with an HTTPS certificate for one domain name being presented on a different domain – triggered the customary alarming dialogue box in Google’s Chrome browser.
In turn, that prompted Mygind to ask Natwest whether it was aware of the certificate error and whether it still owned natwest.co.uk.
Any online security problems affecting banks, or perceived to affect them – whether trivial or not – causes alarm. Consumers are increasingly becoming aware of threats to their online banking security through malware and malicious apps designed to steal credentials.
Unbelievably, Natwest replied to Mygind’s Twitter question by telling him not to use natwest.co.uk.
Hi Dan, we would not advise any customers to use https://t.co/G8OD5QK19R to access their accounts. The correct address is : https://t.co/MYLOyTehZv . Let me know if you need any further help, CX
— NatWest (@NatWest_Help) February 19, 2020
Baffled and suspicious, Mygind pointed this out to El Reg, whereupon we asked the bank whether all was well with its website, which falls under the ASN of the Royal Bank of Scotland (PLC), its parent firm.
A spokesperson tried telling us that Natwest’s personal banking portal has always been hosted on natwest.com and not dot-co-dot-uk. That explanation was rather undermined by the bank’s own Twitter operatives advising customers to use natwest.co.uk just four days ago.
Natwest telling people four days ago to use natwest.co.uk. What changed?
So what’s going on here? At the time of writing, natwest.co.uk redirected to a 404 page on natwest.com, no longer throwing up a domain mismatch error. We have asked further questions of Natwest and will update this article if the bank, these days a wholly owned subsidiary of Royal Bank of Scotland, responds.
That Natwest 404 page in full
RBS’s consumer banking portal was working OK when we had a look at it. We suspect the cause is a partly bodged domain name migration spotted while halfway through, but look forward to Natwest’s full explanation.
The bank last week reported profits of £3.1bn for 2019 (PDF), nearly double the £1.6bn of the year before. ®
Sponsored:
Detecting cyber attacks as a small to medium business
Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/19/natwest_uk_domain_bafflement/