Major UK political parties vulnerable to phishing

Nobody wants a Christmas general election to interfere with the general merriment and festivities of the one winter event that we enjoy and some of us well, endure. And what’s more, the run up to this year’s has been particularly hostile and mired with controversy and, let’s face it, a little deceit. 

With the Tory press office Twitter profile being rebranded ‘@factcheckuk’, the public can hardly be blamed for being suspicious about the party’s motives. For many unwitting Twitter users, this profile was a genuine, verified account, discharging a steady stream of objective political facts. 

Misleading. Impersonation. Duping. We often use those words when we talk about phishing emails. Scammers impersonating a trusted organisation to mislead you into handing over personal details or money… The similarities are somewhat worrying! 

So in that vein, we thought we’d take a look at how well the 13 political parties from GB and NI were protecting their constituents from the potential of phishing attacks by analysing their primary email domains. 

Annnnd you’ve guessed it, none of the parties had their DMARC policies configured to quarantine, let alone reject. Only three of the parties – Liberal Democrats, Labour and SNP had a valid DMARC policy, but would still need to tighten configurations to direct impersonated emails using the @libdems.org.uk email domain for example, into the spam/junk folder.

So, with under a week to go, we implore you to take anything you read from a political email with a pinch of salt – seek out the official websites, try and find an impartial news site, and mostly, get out there and vote! Should you need any help with setting up your DMARC policy and ensuring the emails you both send and receive are legitimate, contact a member of the team!

Research methodology: Red Sift conducted the study in November 2019, using the domains of the main political parties in the UK with candidates from GB & NI running for the general election on 12 December 2019. 

PUBLISHED BY

Clare Holmes

6 Dec. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more
Certificates

How to build an inventory of certificates for PCI DSS 4.0 Requirement…

Rebecca Warren

We talk to organizations daily that are preparing for PCI DSS 4.0 requirements. March 31, 2025 marks the end of the transition period, and on this date, businesses must be fully compliant with PCI DSS v4.0.1.  One of the ways PCI 4.0.1 varies from PCI 3.2 is an updated Requirement 4, which covers encrypting…

Read more
DMARC

Getting started with the OnDMARC API

Nadim Lahoud

The OnDMARC API is great for performing bulk or repetitive tasks that need to be performed quickly, often and without error – and you don’t need to be a developer or even know how to code to use it. Here, I will walk you through how to perform the common task of updating the…

Read more