UK Political Parties Fail on Email Security Ahead of Elections
The UK’s political parties are largely failing to protect their members from phishing attacks ahead of the European elections, a security vendor has claimed after revealing poor take-up of the DMARC protocol.
Domain-based Message Authentication, Reporting and Conformance, to give it its full title, is widely regarded as a best practice solution to help mitigate the threat of email impersonation.
Although not a silver bullet for email security, it helps to guarantee the legitimacy of the sender, which is why the UK government mandated its use for departments back in 2016, with the US following two years later.
However, according to analysis from Red Sift of all 22 main UK political parties participating in the European Parliament elections, only five had DMARC implemented.
These were the Lib Dems, Labour, the SNP, and two lesser known organizations: the Socialist Party and the Animal Welfare Party. That means the Conservatives, UKIP the Brexit Party and others are potentially putting their members at risk of phishing and other email scams.
However, even those that implemented DMARC are not quite there yet: Red Sift detected only “p=none” policies, which are the weakest form of the protocol. It amounts to little more than monitor mode, meaning recipients may still get phishing emails in their inbox — dubious messages are neither sent to the user’s spam folder nor rejected outright.
Randal Pinto, co-founder and COO at Red Sift, described the results of the firm’s analysis as “deplorable.”
“Let’s lay our cards out on the table, the World Economic Forum calls out phishing as the one of the most successful methods by which to carry out a cyber-attack, so at a time when election fraud and fake news are abound, surely politicians should be taking voter safety into consideration,” he added.
“To have all of the official UK political parties neglect this fundamental defense system is a worrying indicator of their willingness to protect their voters.”
The news follows another security audit of major political parties released this week by SecurityScorecard, which found Sweden’s parties topping the list, with the Liberal Democrats doing best in the UK.
Source: Information Security Magazine