You've got an email from your bank. It says there's been suspicious activity, or you need to verify your details, or there's a problem with a recent transaction.
Your stomach drops. This could be real — and if it is, you need to act fast. But it could also be a scam — and if you click that link, things could get much worse.
Let's work this out. Here's exactly how to check, with specific details for every major UK bank.
The golden rule (remember this above everything else)
Never call a phone number from a suspicious email. Never click a link from a suspicious email.
Instead: flip your bank card over, call the number on the back. That number is always genuine. Tell them you received an email and ask if it's real. This one habit will protect you from virtually every bank phishing scam.
Legitimate sender addresses for UK banks
Here are the real email domains for the major UK banks. If your email comes from a domain not on this list, be very suspicious.
Barclays:
- @barclays.co.uk
- @barclays.com
- @email.barclays.co.uk
- @barclaysmail.co.uk
HSBC:
- @hsbc.co.uk
- @hsbc.com
- @email.hsbc.co.uk
- @mail.hsbc.co.uk
Lloyds Banking Group (Lloyds, Halifax, Bank of Scotland):
- @lloydsbank.co.uk
- @email.lloydsbank.co.uk
- @halifax.co.uk
- @email.halifax.co.uk
- @bankofscotland.co.uk
NatWest (and Royal Bank of Scotland):
- @natwest.com
- @email.natwest.com
- @rbs.co.uk
- @email.rbs.co.uk
Santander:
- @santander.co.uk
- @email.santander.co.uk
- @Abbey.com (legacy, occasionally still used)
Nationwide:
- @nationwide.co.uk
- @email.nationwide.co.uk
Common fake patterns across all banks:
- @barclays-security.com ❌
- @hsbc-alerts.co.uk ❌
- @lloyds-bank-verify.com ❌
- @natwest.co.uk.secure-login.com ❌ (real domain is secure-login.com)
- @santander-online.co.uk ❌
- @nationwide-secure.com ❌
Important: Even if the sender address looks correct, it can be spoofed. That's why the sender address alone isn't enough — use the full checklist below.
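For readers who filter mail programmatically, here is the domain check above as an added example (not code from this article or from any bank). It matches the From: domain exactly against the list, flags bank names in unlisted domains, and treats a listed sender as verified only when your own mail server recorded a DMARC pass. The server name mx.example.net and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Legitimate sender domains exactly as listed in this article.
BANK_DOMAINS = {
    "barclays.co.uk", "barclays.com", "email.barclays.co.uk", "barclaysmail.co.uk",
    "hsbc.co.uk", "hsbc.com", "email.hsbc.co.uk", "mail.hsbc.co.uk",
    "lloydsbank.co.uk", "email.lloydsbank.co.uk", "halifax.co.uk",
    "email.halifax.co.uk", "bankofscotland.co.uk",
    "natwest.com", "email.natwest.com", "rbs.co.uk", "email.rbs.co.uk",
    "santander.co.uk", "email.santander.co.uk", "abbey.com",
    "nationwide.co.uk", "email.nationwide.co.uk",
}
BRANDS = {"barclays", "hsbc", "lloyds", "halifax", "natwest", "rbs",
          "santander", "nationwide"}  # words seen in the fake patterns
TRUSTED_MX = "mx.example.net"  # assumption: your own receiving mail server


def sender_domain(msg) -> str:
    """Domain of the From: address, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")


def dmarc_passed(msg) -> bool:
    """True only if our own server recorded dmarc=pass; others can be forged."""
    for value in msg.get_all("Authentication-Results") or []:
        value = " ".join(value.lower().split())
        if value.startswith(TRUSTED_MX + ";") and "dmarc=pass" in value:
            return True
    return False


def classify(raw: str) -> str:
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if domain in BANK_DOMAINS:  # exact match; a substring test is bypassable
        return "listed, dmarc pass" if dmarc_passed(msg) else "listed, unverified"
    if BRANDS & set(re.split(r"[.-]", domain)):
        return "lookalike"
    return "unlisted"


# Constructed sample messages (not real emails).
GENUINE = ("Authentication-Results: mx.example.net; dmarc=pass\n"
           "From: Barclays <alerts@email.barclays.co.uk>\n\nStatement ready")
UNVERIFIED = "From: Barclays <alerts@email.barclays.co.uk>\n\nVerify now"
FAKE = "From: NatWest <secure@natwest.co.uk.secure-login.com>\n\nLog in"
```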
The 5 most common bank scam emails
1. "Suspicious transaction detected"
"We've detected an unusual transaction of £892.40 from your account. If this wasn't you, click here immediately." This creates maximum panic. Real fraud alerts from your bank usually come by text message or through your banking app — not by email with clickable links.
2. "Verify your details to avoid account suspension"
Claims your account will be frozen unless you "verify" your personal details via a link. Banks already have your details. They don't need you to re-enter them via an email link. If your bank genuinely needs to verify your identity, they'll ask you to visit a branch or call them.
3. "New payee confirmation"
"You recently added a new payee. If this wasn't you, click here to cancel." Clever because it implies someone has access to your account. But real new-payee confirmations come through your banking app or during the online banking session itself — not via a separate email with a link.
4. "Important security update — action required"
Claims the bank has upgraded its security and you need to re-register or update your details. Often includes a realistic-looking login page. Banks don't ask you to re-register via email.
5. "Your statement is ready / You have a new document"
These can actually be legitimate — banks do email when your statement is ready. The key is: a real one will just tell you to log in to your internet banking. A fake will include an "attachment" (often malware) or a link to a phishing site. If in doubt, log into your banking app directly to check.
What your bank will NEVER do by email
Every major UK bank agrees on this. Your bank will never:
- ❌ Ask for your full PIN
- ❌ Ask for your online banking password
- ❌ Ask for your full card number via email
- ❌ Ask you to transfer money to a "safe account"
- ❌ Send you a link to log in and "verify" your details
- ❌ Ask for your one-time passcode or security code
- ❌ Threaten to close your account if you don't click a link immediately
- ❌ Ask you to download an app or software from a link in the email
The "safe account" scam deserves special mention: sometimes scammers call or email pretending to be your bank's fraud team, saying your money is at risk and you need to transfer it to a "safe account." No bank ever does this. There's no such thing as a "safe account." This is always fraud.
How to verify — step by step
✅ 1. Don't click any links in the email. Not even to "check." Just don't.
✅ 2. Open your banking app. If there's a genuine security issue, it'll show up as a notification in your app.
✅ 3. Log in to internet banking directly. Type your bank's web address yourself (e.g., barclays.co.uk, hsbc.co.uk). Check your messages and notifications.
✅ 4. Call your bank using the number on your card. Flip your debit or credit card over. The phone number on the back is always genuine. Call them and ask about the email.
✅ 5. Check the sender carefully. Match it against the legitimate domains listed above. But remember — even this can be faked, so don't rely on it alone.
Bank-specific reporting
If you've received a phishing email, forward it to your bank:
- Barclays: [email protected]
- HSBC: [email protected]
- Lloyds: [email protected]
- NatWest: [email protected]
- Santander: [email protected]
- Nationwide: [email protected]
You can also forward any suspicious email to the National Cyber Security Centre at [email protected] — they investigate and take down scam sites.
If you've already clicked a link
Don't panic, but act fast:
If you entered your login details: Log in to your real banking site immediately and change your password. Then call your bank on the number on the back of your card.
If you entered card details: Call your bank immediately to freeze your card.
If you transferred money: Call your bank immediately — they may be able to recover funds, especially if you act within the first hour.
Run a virus scan on your device if you downloaded anything.




