WhatsApp has become the next battleground in an outrage that is rocking Westminster networks. Recent findings reveal that not only UK Government officials but also MPs, workers, and journalists have fallen victim to a deceptive “spear phishing attack”.
Twelve Westminster employees, one of whom is a serving government minister, told Politico that they have received unsolicited WhatsApp messages. Two suspicious cell phone numbers sent these texts over the previous six months.
Six more Westminster residents contacted POLITICO with messages following the story’s release. They claimed to have received nearly identical texts from one or the other of the mentioned numbers. It seems someone targeted some of the 12 recipients with graphic photographs to lure them in.
Another person, the thirteenth to come forward, shared his story for the first time. A person on WhatsApp going under the names “Abigail” or “Abi” targeted him, much like others.
Exposing the Suspicious Methods of WhatsApp Phishing
A sophisticated phishing technique targeted a former special adviser to the government for at least eighteen months. The victim fell prey to the scam on the evening of January 23, 2023, after receiving an apparently normal SMS from an unidentified number. To put the receiver at ease, the sender used a pleasant tone and an emoji (“Long time no speak (eyes emoji), how’re you?”).
The WhatsApp user, who used a young woman’s photo as their profile image, described themselves as Abigail. Then they said, “It’s been a while; you may not still be single,” and acknowledged having had earlier late-night talks.
The man originally reacted by confirming that the sender’s phone number could be incorrect. However, she said they had met at a convention and promised to ‘jog your memory’. Despite his denial, the texts continued into the night, with queries such as, ‘Definitely don’t recognise me?’ and I’m feeling a little weird! I’m certain I had the right person.
Abigail claimed to have met the man at the Midland pub, a well-liked hangout for Manchester attendees of Conservative party conferences. Despite his suspicions, the man continued communicating with “Abigail” via messages for several months without revealing any sensitive information.
On March 11th, a journalist received an unsolicited message from “Charlie,” who claimed they had exchanged numbers during a night out. Despite blocking that number, the journalist received a subsequent message from “Abi” the following day, this time from a different number.
The analysis has heightened concerns over deliberate attempts to influence Westminster’s employees, encompassing MPs, advisors, and officials. Security experts interpret these efforts as potential attempts to compromise these individuals, leading to heightened worries about the dissemination of sensitive data and its potential exploitation for blackmail or extortion.
There’s a possibility that scammers are employing the same unregistered phone numbers for more of their deceptive schemes. Cybersecurity professionals warn that these low-effort phishing campaigns often utilise the tactic of recycling phone numbers from lesser-known UK networks.
British cybersecurity guidelines encourage British MPs and their staff to follow them. The National Cyber Security Centre (NCSC), part of GCHQ, provides this information to help them protect against advanced cyberattacks.
At Phishing Tackle, we know all too well that security technology is often left incorrectly configured, demonstrated by our free Domain Spoofing Test which currently gets past around 50% of users security systems.
Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Have a look at our free Click-Prone® Test to find out how many of your staff are susceptible to a phishing attack and learn how you can reduce this number today.