A spokesperson for the Foreign, Commonwealth & Development Office said that the call took place in recent days and was “brief” but did not elaborate on the party behind the impersonation or how they had Cameron’s contact details, the news service reported.
Cameron became suspicious after the caller requested contact details, the BBC said.
“Whilst regretting his mistake, the foreign secretary thinks it important to call out this behaviour and increase efforts to counter the use of misinformation,” the spokesperson reportedly said.
Petro Poroshenko was president of Ukraine between 2014 and 2019.
in 2022 a video of defence secretary Ben Wallace being duped into speaking by phone to an impostor posing as the Ukrainian prime minister was published on Monday – hours after Downing Street said it believed Russian state actors were responsible for the hoax.
In the short clip, Wallace replies with scepticism and apparent confusion when the caller asks him questions.
Earlier, the UK government warned that the impostors were linked to the Kremlin and could release a doctored video of the call with the defence secretary.
Wallace tweeted: “Things must be going so badly for the Kremlin that they are now resorting to pranks and video fakes. Not the actions of a confident Government, but then again after the Salisbury Cathedral sightseeing story, anything is possible …”
In May 2018, Boris Johnson – then the foreign secretary – talked about international relations and rude poetry with a hoax caller who pretended to be the Armenian prime minister.
In 2015, it emerged that an impostor claiming to be the head of GCHQ, Robert Hannigan, managed to get through to the then prime minister, David Cameron, on his mobile number.
In another hoax, a caller rang GCHQ and managed to obtain Hannigan’s mobile phone number.
“These are classic information operations tactics, which are as old as time. In these cases, they have sought to undermine and embarrass the British government, while distracting from the major issues of the day and diverting attention away from what’s happening in Ukraine’, Mike Wills is director of strategy and policy at cyber and data security firm CSS Assure.
It’s important to remember that the fraudsters who carried out these pranks are well-resourced. They’re the Hollywood blockbuster actor-standard of scammers and a lot of time and effort will have been put into preparing for and conducting these attacks. They’ll have done their background research, knowing they have a single chance to be utterly convincing from the first point of contact.
War isn’t just about bombs and bullets – it’s about every facet of human endeavour. It includes the physical combat sphere and the ethereal information sphere. The Russians are past masters at this; within their state apparatus, they’ll have infantry fighters, combat fighter pilots and tank gunners, as well as the best in terms of intelligence and influence operations.
While this time, the fraudsters have been cunning and managed to get into the top level of government, this can – and does – happen to any local authority at any time.
Councils should always make themselves as hard to hack as possible, but more so than ever given that Russia will be seeking to create instability within western countries – which is easier to achieve virtually. The international Five Eyes community has also issued warnings of further cyber and misinformation attacks in response to the heavy sanctions placed on Russia.
So, how has this been allowed to happen? In theory, the government will have verified the other participants in the meeting were who they said they were. This isn’t always easy, but there are simple tactics you can use to identify potential fraudsters.
If conducted by means of a phone call, you’d want to take control of that call so you know who you are dialling. This can be done by asking the caller for their full name and the organisation they’re working for. Then, tell them you’re going to call them back via the front desk phone number of the organisation – which you can get from a credible source online – and ask to be put through to them internally. Here, you’re taking control of the situation by going to a known phone number.
However, in these cases, communication appears to have taken place via an online virtual meeting, which means it’d probably been set-up by an email from a credible source – suggesting the email address has either been intercepted or cloned.
With this in mind, local authorities should consider resetting passwords in case they’ve been breached and are enabling access to web portals and email accounts, as well as remind employees to think twice before opening or clicking links on any suspicious emails.
Multi-factor authentication – which requires users to provide two or more verification factors to gain access to a resource – should be implemented wherever possible, and software upgrades and patches should be up to date.
Once you’re on the call – whether voice or video – people should confirm who is on the other end of the line before revealing information. If taking place over the phone, try and work out if you recognise their voice. This is difficult, but there may be someone within the department who has regular communication with the caller. If so, bring them into the room and ask if they can confidently verify their identity. This can be done by a brief discussion based on previous conversations and historic pleasantries.
For video calls, insist the other party turns on their camera and Google their name to see if you can identify them. With cyber and misinformation attacks being so common and pervasive, it’s important people develop the confidence and feel comfortable in verifying someone’s identity for their own protection and resilience.
Local authorities should also dust off, review and rehearse incident response plans so they know how to react swiftly to any incident and are able to minimise its potential scope, scale and associated impact.
Finally, it’s vital to ensure employees understand the importance and necessity of information security, which can be carried out through data and cyber security awareness training. This will help to ensure confident, compliant and resilient staff, which, in turn, creates a well-protected council.
Mike Wills is director of strategy and policy at cyber and data security firm CSS Assure
Along with government officials, UK citizens are frequently becoming victims of Russians fraudsters.
Here are tips to prepare yourself.
How the fraudsters may contact you
We know that criminals are:
- telephoning people in the UK and other countries
- using websites to offer fake services, work or study in the UK and guaranteed visas to enter the UK
- using email addresses or SMS numbers that look official but are not
How to protect yourself
You should be suspicious if:
- what they offer seems too good to be true – an easy job in the UK, or a way to get a UK visa quickly and easily
- you are guaranteed a visa to enter the UK using documents they provide to support your application
- they ask you for money, particularly if they ask you for cash or to pay using insecure payment methods such as money transfer, Ukash voucher or Paysafecard (which you buy at a shop) – these methods do not allow the recipient to be traced
- they ask for your bank account or credit card details, or confidential information
- they demand secrecy or try to force you to act immediately
- the website does not look professional (badly written or designed) or does not include any information about the organisation
- you are asked to reply to a free email account such as Hotmail, Yahoo Mail, or Gmail which may also contain poor grammar and spelling
If you are suspicious:
- do not give out any personal information, or confirm that any personal information they have is correct
- do not pay them any money
- do not pay them using electronic vouchers
Report any suspicions of fraud
Please report your suspicions or incidents to Action Fraud, either on the Action Fraudwebsite or (only if you are in the UK) by phoning 0300 123 2040.
Action Fraud provides a fraud-reporting and advice centre, where people and small businesses can report fraud, attempted fraud and scam emails.
Your reports will then be passed on to the National Fraud Intelligence Bureau and analysed to see if they can be used as part of a police investigation.
You can help to stop scammers by warning your friends and family, and by making Action Fraud aware of any scams that you have encountered.
Discussion about this post