MPs Hit by Phishing Campaign: Report
MPs have been targeted by a new phishing campaign after a government whip’s accounts were hacked, according to reports.
Tory MP Mike Freer told BuzzFeed News that the "parliamentary authorities are currently investigating" following the incident.
According to the report, dozens of MPs were added to a WhatsApp group named “Hack warning 1” by an account linked to Freer’s personal mobile phone number.
The MPs left the group swiftly, followed by Freer’s number.
In a Facebook update to friends, he hinted that his email account had also been compromised.
“If anyone receives a text asking them to download a viber so we can have a secure call please ignore and delete. I’ve been hacked. Ditto for any email suggesting I need overseas contacts for a government payment. Delete," it noted.
The Whips’ Office subsequently sent an alert warning of a “malicious hack that accesses your contacts list and sends texts and emails to all your private contacts.”
CensorNet CTO, Richard Walters, warned that phishing attacks remain a staple of the cyber-criminal fraternity.
“The reason is simple; it relies on manipulating people who are inherently trusting, particularly when attacks are highly targeted. It’s easy to say that there’s been a fairly sizable error in judgement by anyone who fell for it, but it really could happen to anyone,” he added.
“It would, however, be sensible for organizations — whether government or not — to make sure that people are adequately aware of the risks and not, as in this case, download anything based on the say so of a ‘contact’. A little bit of caution would always be advised.”
This isn’t the first time MPs have been targeted by a phishing campaign.
Back in June 2017, around 1% of parliamentary email accounts were cracked open by hackers, potentially after brute-forcing or guessing credentials. The attackers then launched vishing attacks in the aftermath in an attempt to trick users into handing over their log-ins over the phone. The attacks were blamed on Iran.
Source: Information Security Magazine