TZUTC: -0500
MSGID: 1365.consprcy@1:2320/105 2d032b2e
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
UK immigration system targeted by hackers - dangerous new phishing campaign
hits Sponsorship Management System

Date:
Thu, 14 Aug 2025 11:04:53 +0000

Description:
Phishing emails are being used to steal account credentials to generate fake
jobs and visa schemes.

FULL STORY

A phishing campaign has been uncovered by Mimecast researchers targeting the
Home Office Sponsorship Management System (SMS). 

The main aim of the campaign appear to be to compromise access to accounts,
which can then be sold on the dark web, extorting organizations through the
theft of sensitive data, and creating fraudulent Certificates of Sponsorship
(CoS). 

The campaign doesnt just affect organizations with sponsor license 
privileges, but threatens to undermine the entire UK immigration system.

UK Home Office at risk

The attackers begin the campaign by sending emails that closely resemble
legitimate emails distributed by the Home Office, using the same branding and
stylization. The emails include an urgent call to action that threatens
account suspension if the user doesnt log in. 

The victims are guided to a fake login page via a captcha-gated URL that 
looks very similar to the legitimate URL used by the Home Office. After
completing the captcha, the user lands on a cloned Home Office login page. 

The only differences between the legitimate and illegitimate pages are in the
form submission. The fake page directs credentials to an attacker-controlled
script, where the exposed credentials can be used to log in to the victims
account. 

With the stolen accounts, the attackers can then create fake job offers and
visa sponsorship schemes, and charge victims tens of thousands of pounds to
access them. 

The best protection against phishing campaigns such as this one is constant
vigilance. Always double check URLs and be cautious of urgent calls to 
action. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/uk-immigration-system-targeted-by-hacke
rs-dangerous-new-phishing-campaign-hits-sponsorship-management-system

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426