Now criminals are ringing up British MPs to ask them their passwords

Houses of Parliament warn of attempts to phone-phish passwords.

Now criminals are ringing up British MPs to ask them their passwords

Hot on the heels of reports that the passwords of British politicians and their staff are being sold on the web by criminals, and an attack on the Houses of Parliament’s email system, it has now been revealed that some MPs have been receiving some rather phishy phone calls.

The Telegraph reports that it has seen an email warning that politicians and their aides have been receiving telephone calls from people pretending towork for the Houses of Parliament’s IT department, and requesting usernames and passwords.

Part of the warning email – which was distributed on Thursday – reads as follows:

Sign up to our free newsletter.
Security news, advice, and tips.

“This afternoon we’ve heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.”

“The caller is informing users that they have been employed by the digital service to help with the cyber attack. These calls are not from the digital service. We will never ask you for your password.”

Frankly, that’s a useful reminder for everyone – politician or not.

Your password is not just supposed to be unique, impossible to guess and hard-to-crack. It’s also supposed to be a secret.

That means you should never have to tell someone else your password. If a legitimate IT department ever needs to gain access to your account, they shouldn’t need to ask you for your password. They would probably be able to reset your password instead, to something they know.

Of course, socially it can feel awkward to be so obstructive to someone who has phoned you up, especially when they present themselves as trying to help you with a security problem.

But stand firm, and keep your password secret. Always be suspicious if someone asks you for your password, and report it as an attempted security breach.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “Now criminals are ringing up British MPs to ask them their passwords”

  1. drsolly

    I was a commuter once, and I was stopped in the station by someone with a clipboard, and offered a bar of chocolate if I gave them my password. So I eagerly accepted and pocketed my chocolate in exchange for "I'll spell it out for you, Yankee, Oscar, Uniform, Romeo, Echo, Golf, Uniform, Lima, Lima, India, Bravo, Lima, Echo" and walked rapidly away before they'd worked out what I'd just said.

    1. Jim · in reply to drsolly
  2. Paul

    Good one drsolly. I would have stopped at "Foxtrot Oscar"!

  3. furriephillips

    I recommend providing misinformation – let the phishers think it's the good shit, then report the conversation and the incorrect details you provided, to the correct authorities – it may allow them to trace the result (which will of course, be failure for the phishing crew, but may help with breadcrumbs (total guess), but at the very least, will slow the nefarious party, whild they try your bad creds.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.