MPs are facing rising numbers of phishing attacks and Russia-based actors are actively targeting the WhatsApp and Signal accounts of politicians and officials, UK parliamentary authorities have warned.
MPs, peers and officials are being asked to step up their cybersecurity after a continued rise in attacks that have involved messages pretending to be from the app’s support team, asking a user to enter an access code, click a link or scan a QR code.
If successful, the attacker can read the parliamentarian’s messages, download their contact lists and monitor their activity, all without being discovered, according to a memo sent on Thursday and seen by the Guardian.
The National Cyber Security Centre (NCSC), based at GCHQ, shared new measures in October to protect parliamentarians from phishing attacks but “such cases have continued to rise”, it said.
“The NCSC are aware of Russian-based activity targeting commercial messaging platforms used by UK politicians and officials, including Signal and WhatsApp,” the parliamentary authorities said.
They are urging legislators and officials to stop using commercial messaging platforms for parliamentary work and to use Microsoft Teams for informal communications.
A government spokesperson said: “Spear-phishing is a common but all-too-effective tactic used by threat actors attempting to gain access to information, online accounts and devices.
“The National Cyber Security Centre is working with partners in government and UK parliament in response to recent targeting against commercial messaging apps including Signal and WhatsApp. We strongly encourage individuals at high risk of being targeted to follow the NCSC’s guidance and to sign up for our cyber-defence services to help bolster their protection.”
Last year, police launched an investigation after several MPs were apparently targeted in a “spear-phishing” attack by a WhatsApp user calling themselves “Abigail” or “Abi”. In 2023, the government identified a group called Star Blizzard, operated by Russian intelligence officers, targeting parliamentarians, including through spear-phishing, from at least 2015.
In their latest warning, the parliamentary authorities said “these attacks are easy to carry out if the attacker has your phone number” and urged legislators and officials to take steps to make their accounts more secure and reduce the risk of attack.
These include enabling two-factor authentication on messaging accounts, checking whether any unrecognised devices are linked to their own accounts, and immediately removing any that are, as this could indicate they have been targeted.
Legislators and parliamentary staff can also register their phone number and email with the NCSC, which will provide alerts if accounts are compromised.