UK (Parliament Politics Magazine) – NatWest faces 100 million cyberattacks monthly, with experts revealing the scale of online fraud, including AI-assisted scams, during a session with MSPs.
As reported by The Independent, MSPs were informed that NatWest faces 100 million cyberattacks each month, with experts outlining the alarming rise in digital crime targeting the bank.
Holyrood’s Criminal Justice Committee heard that around one in three emails received by the bank are blocked due to security reasons.
Law enforcement and cybersecurity units are witnessing a growing wave of online fraud. Cases involving gold scams and romance deception have become especially prominent.
Cyber incidents nearly tripled in Scotland amid the pandemic, jumping from 7,710 in 2020 to 18,280 in 2024.
What did NatWest’s Chris Ulliott say about email threats?
Chris Ulliott, head of cybersecurity at NatWest, told the committee on Wednesday,
“We analyse every single email coming into our estate, looking for malicious content. About a third of the emails, millions a month, we actually block because they are believed to be the start of an attack against our staff.”
He said,
“If I look outside our network at the attacks that are probing our estate, we’re averaging about 100 million attacks per month just trying to break past the defences we have in the organisation.”
Mr Ulliott revealed that tackling digital threats has required a large-scale cybersecurity unit, supported by a budget running into millions.
He expressed concern over fraudsters using artificial intelligence to enhance the credibility of their approaches.
The technology might enable fraudsters to alter their looks in live video chats, making them look like an “elderly British gentleman” to gain trust.
Mr Ulliott said the group responsible for the recent Marks & Spencer attack is likely a loose international group of teens and 20s sharing ideas on online forums.
What did Stuart Houston say about global cybercrime collaboration?
According to Stuart Houston, Assistant Chief Constable at Police Scotland, international law enforcement agencies are partnering to tackle cybercrimes, supported by the FBI’s intelligence-sharing on fraud and ransomware groups.
What did Adam Stachura say about the impact of cyber-crime on the elderly?
Adam Stachura, representing Age Scotland, highlighted that many elderly individuals struggle with online technology, lacking confidence in its use.
He warned that cyber crime could have a devastating impact on elderly victims. It can lead to financial hardship and damage their sense of self-worth.
David Keenan’s views on the cyber attack on Arnold Clark’s network
David Keenan, chief information officer at Arnold Clark, addressed the significant cyber attack that disrupted the car company’s operations at the end of 2022.
He explained that the recovery process spanned several months, even though the company had 12 employees focused solely on cybersecurity.
Famous types of cyberattacks
Ransomware
- Encrypts victim’s files and demands payment for decryption.
Phishing & Spear Phishing
- Fraudulent emails/messages trick users into revealing sensitive data.
Distributed Denial-of-Service (DDoS)
- Overloads servers with traffic to crash websites/services.
SQL Injection
- Exploits database vulnerabilities to steal sensitive data.
Zero-Day Exploits
- Attacks unknown vulnerabilities before patches are released.
Man-in-the-Middle (MitM)
- Intercepts communications (e.g., fake Wi-Fi hotspots).
Advanced Persistent Threats (APTs)
- Long-term cyber espionage by nation-state hackers.
Deepfake Attacks
- AI-generated fake media used for fraud/disinformation.