Security researchers are warning UK voters to be on their guard after revealing that most of the country’s political parties still don’t have best practice email security measures in place to mitigate fraud risks.
RedSift analyzed the UK’s 13 main political parties ahead of a tense General Election on December 12, in which the direction of the country could finally be decided after three years of Brexit-related uncertainty.
It found that just three, the Liberal Democrats, Labour and the Scottish National Party (SNP), had a valid DMARC policy. The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is recommended by security experts as a key control to help prevent phishing and other spoofed email.
While it’s best used in combination with other layered security measures, DMARC helps receiving mail servers verify that a message genuinely comes from the domain it claims to be from, which is why the UK government mandated its use for departments back in 2016, with the US following two years later.
According to RedSift’s research, the Conservative Party, the Brexit Party and many others are exposing voters to potentially fraudulent email communications.
“This insight into political party cybersecurity is particularly concerning given that the National Cyber Security Centre, an organization that’s part of the UK government, mandated back in 2016 that all government bodies should implement DMARC so all email traffic can be monitored for malicious activity,” argued RedSift co-founder, Randal Pinto. “It’s a sorry state of affairs that three years on, voters still can’t be sure whether political pledges and requests for support are originating from credible candidates.”
Even the three parties that currently have valid DMARC policies in place can do more. They need to upgrade to a p=reject policy, which tells receiving mail servers to reject messages that fail DMARC checks, so phishing emails don’t end up being received by prospective voters.
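The difference between a record that is merely valid and one that enforces p=reject can be checked mechanically. The following is an added example, not code from RedSift or from the original article: the domain names, function names and verdict labels are hypothetical, the records are constructed, and the fallback RFC 7489 allows for a bad p= tag alongside a valid rua= tag is not modelled.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse one DMARC TXT string into a tag dict; return None if malformed."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            return None
        tags.setdefault(key.strip().lower(), value.strip())
    # v=DMARC1 must be the first tag, and p= must carry a known policy.
    if not parts or parts[0].partition("=")[0].strip() != "v" or tags["v"] != "DMARC1":
        return None
    if tags.get("p", "").lower() not in VALID_POLICIES:
        return None
    return tags

def assess(txt_records):
    """Classify the TXT records published at _dmarc.<domain>."""
    candidates = [t for t in txt_records if t.strip().startswith("v=DMARC1")]
    if not candidates:
        return "missing"
    if len(candidates) > 1:  # receivers skip DMARC when several records exist
        return "invalid"
    tags = parse_dmarc(candidates[0])
    if tags is None:
        return "invalid"
    policy = tags["p"].lower()
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if policy == "none":
        return "monitor-only"  # reports are sent, spoofed mail is still delivered
    if policy == "reject" and pct == 100:
        return "reject"
    return "partial"  # quarantine, or reject applied to only pct% of failing mail

SAMPLES = {  # constructed records, not real DNS data
    "party-a.example": ["v=spf1 -all"],
    "party-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@party-b.example"],
    "party-c.example": ["v=DMARC1; p=reject; pct=25"],
    "party-d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@party-d.example"],
    "party-e.example": ["v=DMARC1; p=rejct"],
}

def audit(samples):
    return {domain: assess(records) for domain, records in samples.items()}

if __name__ == "__main__":
    print("\n".join(f"{d:18} {v}" for d, v in audit(SAMPLES).items()))
```

To audit a real domain, pass `assess` the TXT strings returned for `_dmarc.<domain>`, for example from `dig +short TXT _dmarc.<domain>`.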
The Conservative Party has already caused widespread anger for doctoring footage of opposition candidates on Brexit and changing its official Twitter feed during a televised debate to pose as an official fact-checking source.
“Confidence in politics has taken a dive recently,” argued Pinto. “The Conservative’s ‘factcheckUK’ Twitter scandal hurt the party’s credibility, damaging public trust — akin to the method scammers deploy each time they impersonate emails to elicit action.”