Hot on the heels of reports that the passwords of British politicians and their staff are being sold on the web by criminals, and an attack on the Houses of Parliament’s email system, it has now been revealed that some MPs have been receiving some rather phishy phone calls.
The Telegraph reports that it has seen an email warning that politicians and their aides have been receiving telephone calls from people pretending towork for the Houses of Parliament’s IT department, and requesting usernames and passwords.
Part of the warning email – which was distributed on Thursday – reads as follows:
“This afternoon we’ve heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.”
“The caller is informing users that they have been employed by the digital service to help with the cyber attack. These calls are not from the digital service. We will never ask you for your password.”
Frankly, that’s a useful reminder for everyone – politician or not.
Your password is not just supposed to be unique, impossible to guess and hard-to-crack. It’s also supposed to be a secret.
That means you should never have to tell someone else your password. If a legitimate IT department ever needs to gain access to your account, they shouldn’t need to ask you for your password. They would probably be able to reset your password instead, to something they know.
Of course, socially it can feel awkward to be so obstructive to someone who has phoned you up, especially when they present themselves as trying to help you with a security problem.
But stand firm, and keep your password secret. Always be suspicious if someone asks you for your password, and report it as an attempted security breach.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.