NatWest cybercrime vulnerability highlighted

An email security specialist organisation has identified a simple yet important flaw in online banking systems which could be exposing unknowing customers to cyber-orientated threats. Graeme Batsman, director at Atbash, has spotted a vulnerability in the system used by NatWest, highlighting a susceptibility to phishing emails and malware.

The flaw identified in the bank's current email security set up has been found to decrease the possibility of phishing emails being identified and filtered out safely. Batsman comments: "Being a security techy, I spent time pulling software, spoofed emails or viruses apart to see exactly how they work and where the possible flaws can be seen. During early July I was handed a sample of an email from NatWest which slipped past the security system. After inspecting the problem and testing the vulnerability I identified that the problem was a missing SPF record."

He adds: "To put it simply NatWest's email servers are based within the United Kingdom, so if someone was sending an email from New Zealand pretending to be NatWest, it should get blocked. When an email is sent there is a simple check done in the background to see where the email should come from (in this case UK) and where is actually comes from (in this case New Zealand), If the two do not tie up then email servers will determine the email to be fake and it will be blocked."

Batsman says that, unlike other cyber threats facing large corporations with an obligation to protect customer data, this particular vulnerability in the NatWest system would have cost nothing to address. By integrating an SPF record on the system, the bank would have increased the chance of email spam filters detecting that the email is a fake and as a result offering better protection for their customers.

Whilst NatWest.com does have SPF records set up, the critical domain nwolb.com which is used for online banking login does not. Rivals such as Metro Bank, Barclays, Santander and Lloyds already have SPF records setup for their domains which relate to online banking login paths.

    Share Story:

Recent Stories


Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.

Legacy isn’t the enemy: what FSIs can do to keep their systems up and running
In this webinar we will examine some of the steps FSIs have already taken to rigorously monitor and test systems – both manually and with AI-powered automation – while satisfying the concerns of regulators and customers.

Optimising digital banking: Unifying communications for seamless CX
In the digital age, financial institutions risk falling behind their rivals if they fail to unite fragmented communications ecosystems to deliver seamless, personalised customer experiences.

This FStech webinar sponsored by Precisely explores vital strategies to optimise cross-channel messaging through omnichannel orchestration and real-time customer data access.