We have a company that sends us fake phishing attacks every month, logs who clicks on the bad link, and publishes the results of the survey to the CTO.

Seems like a position as important as MP should have something similar set up for their governmental email accounts.