Growing concerns about phishing threat to UK immigration systems

Mimecast uncovers a phishing campaign targeting UK visa sponsor accounts, with attackers posing as the Home Office for data theft.

Recently, cyber security experts at Mimecast revealed a worrying phishing campaign threatening the UK immigration system. The primary targets are sponsor licence holders, with attackers mimicking official communications from the Home Office to extract sensitive data.

The phishing strategy involves impersonating legitimate Home Office emails to steals victims' login credentials for the Sponsorship Management System (SMS). This secure platform is crucial for approved organisations that manage visa sponsorships. Attacks are accompanied by supposed urgent compliance alerts or threats of account suspension, lending a sense of urgency and authenticity to the communications.

Mimecast’s team found these fraudulent emails directing recipients to meticulously crafted fake SMS login pages. Once login details are compromised, attackers exploit access to issue fraudulent Certificates of Sponsorship.

Some scams extend fake job offers or visa sponsorships, deceiving individuals into paying between £15,000 and £20,000 for positions that do not exist. By manipulating compromised sponsor accounts, scam documentation appears genuine enough to evade basic checks, dangerously undermining the integrity of the system.

Natasha Chell, Partner and Head of Risk and Compliance at Laura Devine Immigration, emphasised, ‘We are aware of sponsors who have been targeted by these phishing scams and an unfortunate few who have had their systems breached.  As gatekeepers of the sponsorship system, sponsors need to protect their Home Office online accounts by having robust IT practices, regular training for Key Personnel who have access to the accounts and they should always contact the official Home Office channels to verify any suspicious requests.’

This ongoing threat highlights vulnerabilities that can be exploited within immigration management systems. As such, organisations responsible for navigating the complexities of the UK visa sponsorship processes must remain vigilant. The emphasis should be on maintaining robust cyber security defences and rigorous verification procedures to thwart these increasingly sophisticated phishing campaigns.

Northumbria Healthcare has partnered with Schneider Electric to modernise its infrastructure,...
Cognizant has introduced Neuro AI Trust, a platform designed to support AI governance by providing...
Financial services are leveraging AI for security but face visibility and complexity challenges in...
Kyndryl's latest report reveals a decline in workforce readiness for AI and highlights the...
Verkada partners with NVIDIA to advance AI in physical security and operations, enhancing safety...
The new integration brings privileged access requests and approvals into Microsoft Teams,...
Wasabi Technologies launches the Wasabi Impact Circle, helping partners track and mitigate carbon...
The rise of AI presents challenges to cybersecurity, with increasing reliance on manual...