UK immigration system targeted by hackers - dangerous new phishing campaign hits Sponsorship Management System

News
By published

Hackers are stealing Home Office credentials

Stressed worker
(Image credit: Shutterstock)
  • Mimecast uncovers phishing campaign targeting the UK Home Office
  • Accounts are being stolen through phishing emails and fake websites
  • The fake sites are almost indistinguishable

A phishing campaign has been uncovered by Mimecast researchers targeting the Home Office Sponsorship Management System (SMS).

The main aim of the campaign appear to be to compromise access to accounts, which can then be sold on the dark web, extorting organizations through the theft of sensitive data, and creating fraudulent Certificates of Sponsorship (CoS).

The campaign doesn’t just affect organizations with sponsor license privileges, but threatens to undermine the entire UK immigration system.

UK Home Office at risk

The attackers begin the campaign by sending emails that closely resemble legitimate emails distributed by the Home Office, using the same branding and stylization. The emails include an urgent call to action that threatens account suspension if the user doesn’t log in.

The victims are guided to a fake login page via a captcha-gated URL that looks very similar to the legitimate URL used by the Home Office. After completing the captcha, the user lands on a cloned Home Office login page.

The only differences between the legitimate and illegitimate pages are in the form submission. The fake page directs credentials to an attacker-controlled script, where the exposed credentials can be used to log in to the victims account.

With the stolen accounts, the attackers can then create fake job offers and visa sponsorship schemes, and charge victims tens of thousands of pounds to access them.

The best protection against phishing campaigns such as this one is constant vigilance. Always double check URLs and be cautious of urgent calls to action.

A full list of the indicators from this phishing campaign can be found on the Mimecast blog.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.