Hot on the heels of reports that the passwords of British politicians and their staff are being sold on the web by criminals, and an attack on the Houses of Parliament’s email system, it has now been revealed that some MPs have been receiving some rather phishy phone calls.
The Telegraph reports that it has seen an email warning that politicians and their aides have been receiving telephone calls from people pretending to work for the Houses of Parliament’s IT department, and requesting usernames and passwords.
Part of the warning email – which was distributed on Thursday – reads as follows:
“This afternoon we’ve heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.”
“The caller is informing users that they have been employed by the digital service to help with the cyber attack. These calls are not from the digital service. We will never ask you for your password.”
Frankly, that’s a useful reminder for everyone – politician or not.
Your password is not just supposed to be unique, impossible to guess and hard to crack. It’s also supposed to be a secret.
That means you should never have to tell someone else your password. If a legitimate IT department ever needs to gain access to your account, they shouldn’t need to ask you for your password. They would probably be able to reset your password instead, to something they know.
Of course, socially it can feel awkward to be so obstructive to someone who has phoned you up, especially when they present themselves as trying to help you with a security problem.
But stand firm, and keep your password secret. Always be suspicious if someone asks you for your password, and report it as an attempted security breach.
I was a commuter once, and I was stopped in the station by someone with a clipboard, and offered a bar of chocolate if I gave them my password. So I eagerly accepted and pocketed my chocolate in exchange for "I'll spell it out for you, Yankee, Oscar, Uniform, Romeo, Echo, Golf, Uniform, Lima, Lima, India, Bravo, Lima, Echo" and walked rapidly away before they'd worked out what I'd just said.
Brilliant!
Good one drsolly. I would have stopped at "Foxtrot Oscar"!
I recommend providing misinformation – let the phishers think it's the good shit, then report the conversation and the incorrect details you provided, to the correct authorities – it may allow them to trace the result (which will of course, be failure for the phishing crew, but may help with breadcrumbs (total guess), but at the very least, will slow the nefarious party, while they try your bad creds).