Parliamentary computers at risk after staff targeted by phone phishing

Criminal groups are targeting Parliament with phone calls designed to trick members of staff into disclosing confidential details that could allow them to hack into computer networks used by MPs and peers.

MPs and peers have been warned that the Parliament is facing an "ongoing issue" from fraudulent telephone calls, which are placing parliamentary networks at risk.

Parliamentary staff who have answered suspicious calls were urged to turn off their computers until Parliament’s digital service could verify that their machines had not been compromised.

“We have an ongoing issue of fraudulent automated telephone calls being made across our network. While we have attempted to block the phone numbers, we continue to receive calls from a variety of sources,” said an email circulated by the Parliamentary Digital Service.  

Parliamentarians have been on the receiving end of two variants of telephone phishing attacks, from groups attempting to persuade them to disclose details of their computers which could provide access to hackers.

In one, the caller claims that their IP address has been compromised and their internet connection will be terminated unless they follow a series of instructions and call back within 24 hours.

In a second attack, staff receive a garbled voicemail message followed by a prompt asking customers to call a number to hear the message again.

An email to staff from the Parliamentary Digital Service’s customer relationship team said that staff were at risk if they followed the fraudsters' instructions, called any of the fraudulent numbers, handed over information or provided access to their computer equipment.

The email urges parliamentarians on the receiving end of the calls to report their time and date, the phone number of the originating call, and the phone number they were asked to call.

“We need this information to understand the scale of the problem and its impact,” the email said.

“You will never be called from a genuine third-party telling you that your parliamentary internet will be cut off. Internet services are managed centrally by the Parliamentary Digital Service.

Parliamentary workers have previously reported ongoing difficulties connecting personal devices to the Wi-Fi services on the estate.

The Parliamentary Digital Service said it had worked with its Wi-Fi supplier, Telent, to "significantly improve" services. Most devices could now connect to the network, although there were still problems with Samsung phones.

“We know many of you rely on this service for your work and that these issues have been disruptive. We are very sorry for this disruption. Our investigation and finding permanent solutions for all of these issues remains our utmost priority,” it said in an email this week.

The Parliamentary Digital Service carried out essential security maintenance on a range of IT systems, including Skype, HR and Citrix desktops, which resulted in systems temporarily turned off, between 25th and 27th of May.

A parliamentary spokesman said he could not answer specific questions on the automated fraudulent phone calls for security reasons.

"Some people working in Parliament have recently received fraudulent phone calls, a common problem across all organisations. The Parliamentary Digital Service has issued advice on what to do if these calls are received. Appropriate action is being taken to deal with the situation, and the matter has now been referred to the police,” the spokesman said.