Watch out for spate of “Natwest BACs” email malware scams

ByCraig Haley

Email users should be aware of a spate of fake Natwest emails that attempt to lure them into opening a malicious email attachment.

The email – screenshot below – asks the recipient to open up a BACs related document. BACs is a technology in the UK responsible for transferring money between different bank accounts.

Important : Incoming BACs Documents
This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.
To unlock/view your documents, follow the instructions below.
1. Look for an attachment (BACs.doc) ( typically at the top or bottom; location varies by email service).
2. Your Document Password is: x5G5yK9mkHax

The email asks users to open the attachment to unlock the attached document, however omits any specific details as to what the attached document contains. This is a social engineering trick used by scammers to lure curious victims into opening the attachment.

The attachment is a Word document that – when opened – will ask the recipient to give permission for small files called Macros to run. These are capable of running small scripts on the computer which will instruct your device to download harmful malware from the Internet.


Sponsored Content. Continued below...




Ultimately, the device that opens the dangerous Word document will likely end up getting infected with malware.

These types of email scams are commonly used to distribute ransomware, which is capable of encrypting all your personal files and subsequently demanding a ransom to decrypt them.

Remember, just because an email appears to be from a specific person of company, these emails can be easily spoofed. Never open up an email attachment unless you were explicitly expecting one.

Continued below...


Thanks for reading, we hope this article helped, but before you leave us for greener pastures, please help us out.

We're hoping to be totally ad-free by 2025 - after all, no one likes online adverts, and all they do is get in the way and slow everything down. But of course we still have fees and costs to pay, so please, please consider becoming a Facebook supporter! It costs only 0.99p (~$1.30) a month (you can stop at any time) and ensures we can still keep posting Cybersecurity themed content to help keep our communities safe and scam-free. You can subscribe here

Remember, we're active on social media - so follow us on Facebook, Bluesky, Instagram and X