At least a dozen Westminster insiders targeted in WhatsApp phishing attack
More than a dozen politicians, advisers and journalists have been targeted in a phishing attack, in what cybersecurity experts believe is an attempt to compromise them.
Twelve menworking in Westminster, including a serving government minister, told Politico they had received unsolicited WhatsApp messages from two suspicious mobile numbers in the past six months.
The Guardian spoke to a 13th man who has not previously shared his experience and who was targeted in the exact same way by a WhatsApp user calling themselves “Abigail” or “Abi”.
The former government special adviser received the first message on 23 January 2023, demonstrating that the phishing operation has been under way for at least 18 months. He received a message from an unknown number in the evening that said: “Long time no speak (eyes emoji), how’re you?”
The WhatsApp user, who used a young woman’s photo as the profile picture, introduced themselves as Abigail and said that they “used to have some late-night chats” but “it’s been a while, you may not still be single”.
When the man responded that the sender probably had the wrong number, she claimed they had met at a conference and offered to “jog your memory”.
They kept sending messages into the night, saying, “Definitely don’t recognise me?” and “I feel a bit awkward! I’m sure I had the right guy.”
They then said: “I’m about to do something reckless. Anyone with you right now?” and sent an explicit picture.
Abigail claimed to have met the man at the Midland bar, a popular hangout for Conservative party conference attenders when the gatherings are held in Manchester.
The man suspected that it was a scam, but continued exchanging messages with “Abigail” for a few months, without sharing any explicit or compromising information. The most recent message was received on 17 March this year.
The messages he received bear a striking similarity to the group of cases collected by Politico, which reported that one Tory MP had referred the messages to the police.
The story has sparked fears about attempts to persuade MPs, advisers, officials and others working in Westminster to share compromising information and use it to threaten or blackmail them.
Politico reported that the user sending the messages claimed to have met each target at various settings relating to their work.
Two people were sent references to their work on the Mid Bedfordshire byelection of October 2023. One received a message relating to their involvement in “the Nandy campaign” (a reference to Lisa Nandy’s bid for the Labour party leadership in 2020).
Another was told they had previously met the sender in the “Sports” – shorthand for the Woolsack bar in parliament, formerly the Sports and Social Club, a place frequented by parliamentary staffers.
It comes at a time of heightened concerns about cyber-attacks by hostile states such as Russia and China.
Cybersecurity experts said the phishing campaign was not highly sophisticated because the messages came from the same two numbers, which were not registered with a mainstream UK phone network.
There have been calls in recent weeks for parliament to introduce training on digital and operational security for MPs, peers and their staff. Parliamentary employees who are concerned have been urged to contact the parliamentary security team.
A Commons spokesperson said: “Parliament takes cybersecurity extremely seriously. We provide members and staff with tailored advice, making them aware of cyber risks and how to manage their digital safety – including on any personal devices and accounts.”