Major UK political parties vulnerable to phishing

Nobody wants a Christmas general election to interfere with the general merriment and festivities of the one winter event that we enjoy and some of us well, endure. And what’s more, the run up to this year’s has been particularly hostile and mired with controversy and, let’s face it, a little deceit. 

With the Tory press office Twitter profile being rebranded ‘@factcheckuk’, the public can hardly be blamed for being suspicious about the party’s motives. For many unwitting Twitter users, this profile was a genuine, verified account, discharging a steady stream of objective political facts. 

Misleading. Impersonation. Duping. We often use those words when we talk about phishing emails. Scammers impersonating a trusted organisation to mislead you into handing over personal details or money… The similarities are somewhat worrying! 

So in that vein, we thought we’d take a look at how well the 13 political parties from GB and NI were protecting their constituents from the potential of phishing attacks by analysing their primary email domains. 

Annnnd you’ve guessed it, none of the parties had their DMARC policies configured to quarantine, let alone reject. Only three of the parties – Liberal Democrats, Labour and SNP had a valid DMARC policy, but would still need to tighten configurations to direct impersonated emails using the @libdems.org.uk email domain for example, into the spam/junk folder.

So, with under a week to go, we implore you to take anything you read from a political email with a pinch of salt – seek out the official websites, try and find an impartial news site, and mostly, get out there and vote! Should you need any help with setting up your DMARC policy and ensuring the emails you both send and receive are legitimate, contact a member of the team!

Research methodology: Red Sift conducted the study in November 2019, using the domains of the main political parties in the UK with candidates from GB & NI running for the general election on 12 December 2019. 

PUBLISHED BY

Clare Holmes

6 Dec. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Email

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more
Email

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more
Email

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more