As the general election nears, security officials have confirmed that several MPs have been targeted by phishing emails. In response, the National Cyber Security Centre (NCSC), an arm of GCHQ, is asking other MPs, candidates and party staff to look through their emails for signs that they’ve been targeted.
The phishing campaign is believed to have occurred in January 2017 or thereabouts – before the snap election was called – but its focus on MPs and party staff has raised suspicions that it was politically motivated.
The NCSC released details of the phishing attack after intelligence services warned that there may be a repeat of the attack on the Democratic National Committee during last year’s US presidential election.
Check for ‘unexpected requests’
The BBC reports that the number of victims is “currently understood to be in single figures”. It adds that “so far victims’ personal emails have been affected but no successful phishing attempts have been made via parliamentary email addresses.”
The NCSC said that potential victims should look out for “unexpected requests to reset [their] password for online or social media accounts (such as Apple, Google, Microsoft, Facebook or Twitter)”. Such requests may also ask targets to approve account changes that they haven’t requested.
The centre did not say whether it knew who was behind the phishing campaign, but a report in the Financial Times said it was “likely” that it had been orchestrated by a state.
No data has yet been lost as a result of this phishing attack. However, given the cyber attacks during election campaigns in the US and France, NCSC officials believe it is possible that another incident will result in “some kind of theft and then dump of information”.
Protect against phishing
Phishing is a serious problem. Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 8 million are opened, 800,000 recipients click on the links, and 80,000 of them unwittingly hand over their information to criminals.
Spotting a scam email isn’t as difficult as those figures might suggest, though. As long as you know what to look for, you can dramatically reduce the chances of falling victim to an attack.
If you’re an employer concerned about your staff’s ability to defend against phishing attacks, you may be interested in IT Governance’s Phishing Staff Awareness course. It explains what phishing is, how it works, and how you can identify and respond to a phishing scam.