Following reported attempts by hackers to compromise parliamentary email accounts in June, scammers have recently attempted to gain information by cold-calling (or vishing) MPs and their staff. Posing as staff from the Houses of Parliament’s IT department, the scammers have reportedly been requesting the usernames and passwords of MPs. Vishing, like its online equivalent, phishing, attempts to illicit sensitive information, such as passwords, or encourage victims to visit particular (invariably malicious) websites.
Scammers try to capitalise on heightened public awareness of particular issues. Such social engineering techniques often increase in prevalence follow a high-profile incident. For example, following the WannaCry ransomware incident, there were several reported scams, including fake fixes for the malware, and malicious ‘tech support’ services. Phone calls can form part of a blended social engineering campaign, along with emails or social media contact. It is likely that scams such as these will continue to follow widely reported events.
For information on appropriate use of passwords, please see the NCSC guidance.