Senior Australian diplomats, including ambassador to the United States Arthur Sinodinos, have been caught up in a sophisticated identity theft scam in which cyber attackers impersonated them on encrypted messaging services WhatsApp and Telegram in a bid to get sensitive information from their contacts.

The Australian Federal Police is investigating the security lapses after a number of heads of mission reported experiencing suspicious activity on their phones.

Australia’s ambassador to the US, Arthur Sinodinos, was one of the diplomats hit by the phishing scam.

Australia’s ambassador to the US, Arthur Sinodinos, was one of the diplomats hit by the phishing scam.Credit:Janie Barrett

The cyber scare appears to mirror the attacks on senior cabinet ministers, including Finance Minister Simon Birmingham and Health Minister Greg Hunt, whereby the attackers are impersonating the individuals on WhatsApp or Telegram by using their names and personal phone numbers and gaining access to their contact book. There is also a third federal MP who has been hit by the scam who has not been identified.

The “phishing” attacks have unsettled some senior members of the Department of Foreign Affairs and Trade to the extent that they are now operating on the basis their phones have been compromised. This climate of fear has been exacerbated by a number of other unrelated cyber attacks against diplomats, as well as sophisticated hacks on the computer networks of Parliament House and Nine News (publisher of this masthead).

Mr Sinodinos confirmed a Telegram account was created in his name and said the matter had now been addressed by the AFP.

Loading

The AFP’s investigations, which included having MPs hand over their phones, so far show none of the devices have been physically hacked into, despite their contact books being stolen. But cabinet ministers did have their phones replaced out of caution.

Under the scam, senior politicians and diplomats are being sent messages asking them to validate new WhatsApp and Telegram accounts. Once they click on the link or download the app, the hacker then has access to their contact book and the ability to impersonate them on the new account. The cyber attackers are then sending unsolicited messages to the person’s contacts asking for contact details of people in Hong Kong.

The person impersonating Senator Birmingham’s phone began sending messages to a number of his contacts on Telegram, with one of the recipients asked: “Do you have a contact in Hong Kong. An Aussie preferably.”