HMRC scam breaches Parliament firewall

MPs have been the subject of an attempt to steal information after an HMRC scam got through the parliamentary firewall.

The 'tax rebate' phishing email on Monday tried to direct a number of MPs to a fake site, which attempted to harvest personal information, Labour MP Andrew Miller told ZDNet UK on Tuesday.

"The email said 'You're entitled to a tax rebate, click on this, and give us your details,' — it got through the firewall here," said Miller.

Miller said that the phishing email highlighted the dilemma of a number of organisations, in that systems had to be left open enough to communicate, but doing so left staff open to social engineering attack.

"Some of the payloads are so sophisticated that even something that was bang up to date, you are not going to be protected," said Miller.

The parliamentary information communication and technology department (Pict) is "still fairly thinly resourced", said Miller.

"The information technology department is still fairly thinly resourced," said Miller. "You've got to bear in mind it supports us in the constituency offices as well, so it's a much bigger operation than just working in the Palace [of Westminster]. Although they've got a six day a week helpline, it is a very small department, compared with a business of this size. Of course, [the Commons] is like 650 small businesses operating in a federal structure."

One of the difficulties facing Pict is parliamentary staff and MPs wanting to use their own devices.

"If somebody goes out and buys an Android phone, and syncs it with their Outlook on their Commons provided laptop, who's to say that they may not pick up a virus through that route?" said Miller.

Backbench MPs are not likely to come under cyber-attack from foreign powers, said Miller, because the information they deal in is "not top secret". The further up the ministerial ladder, the tighter the information security gets, Miller added.