Don't use natwest.co.uk for online banking

Updated British customers of High Street banking brand Natwest are being advised not to use the domain natwest.co.uk – by none other than Natwest itself.

Reg reader Dan Mygind, while doing some routine online banking, spotted a rather alarming certificate error while trying to visit natwest.co.uk.

That error – a common name mismatch error usually associated with an HTTPS certificate for one domain name being presented on a different domain – triggered the customary alarming dialogue box in Google’s Chrome browser.

In turn, that prompted Mygind to ask Natwest whether it was aware of the certificate error and whether it still owned natwest.co.uk.

Any online security problems affecting banks, or perceived to affect them – whether trivial or not – causes alarm. Consumers are increasingly becoming aware of threats to their online banking security through malware and malicious apps designed to steal credentials.

Unbelievably, Natwest replied to Mygind's Twitter question by telling him not to use natwest.co.uk.

Baffled and suspicious, Mygind pointed this out to El Reg, whereupon we asked the bank whether all was well with its website, which falls under the ASN of the Royal Bank of Scotland (PLC), its parent firm.

A spokesperson tried telling us that Natwest's personal banking portal has always been hosted on natwest.com and not dot-co-dot-uk. That explanation was rather undermined by the bank's own Twitter operatives advising customers to use natwest.co.uk just four days ago.

So what's going on here? At the time of writing, natwest.co.uk redirected to a 404 page on natwest.com, no longer throwing up a domain mismatch error. We have asked further questions of Natwest and will update this article if the bank, these days a wholly owned subsidiary of Royal Bank of Scotland, responds.

RBS's consumer banking portal was working OK when we had a look at it. We suspect the cause is a partly bodged domain name migration spotted while halfway through, but look forward to Natwest's full explanation.