Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Phishing campaign targets UK migrant sponsor system

The threat actors deploy fraudulent emails that impersonate official Home Office communications, typically sent to general organizational email addresses.

byKerem Gülen
August 13, 2025
in Cybersecurity, News

Mimecast identified a phishing campaign targeting UK organizations sponsoring migrant workers and students, exploiting Home Office branding within the Sponsorship Management System (SMS) to compromise credentials for financial exploitation and data theft.

Cyber criminals are exploiting Home Office branding in a newly identified phishing campaign, targeting holders of UK immigrant sponsor licenses participating in the government’s Sponsorship Management System. This system is primarily designed for employers sponsoring visas in the Worker and Temporary Worker categories, as well as institutions sponsoring visas in the Student and Child categories. Its core functions include managing the creation and assignment of sponsorship certificates for prospective employees or students, and reporting changes of circumstances for sponsored immigrants.

The campaign, identified by Samantha Clarke, Hiwot Mendahun, and Ankit Gupta of the Threat Research Team at Mimecast, an email security specialist, appears to primarily seek to compromise credentials for subsequent financial exploitation and data theft. The Mimecast team stated that this campaign presents a significant threat to the UK immigration system, with attackers attempting to compromise access to the Sponsorship Management System for extensive financial and data exploitation.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The threat actors deploy fraudulent emails that impersonate official Home Office communications, typically sent to general organizational email addresses. These emails contain urgent warnings about compliance issues or account suspension and include malicious links that redirect recipients to convincing fake SMS login pages designed to harvest User IDs and passwords.

The systematic nature of the campaign begins with phishing emails that initially appear to closely mimic a genuine Home Office notification. These messages are presented as urgent notifications or system alerts requiring prompt attention. However, their true purpose is to direct users to fake login pages to capture the victims’ SMS credentials. A deeper technical analysis conducted by the Mimecast team revealed that the perpetrators are employing captcha-gated URLs as an initial filtering mechanism.

This is followed by redirection to attacker-controlled phishing pages, which are direct clones of the genuine article. These cloned pages incorporate pilfered HTML, links to official UK government assets, and minimal yet critical changes to the form submission process. The Mimecast team noted that the threat actors demonstrate advanced understanding of government communication patterns and user expectations within the UK immigration system.

The objective of this phishing attack appears to be twofold, targeting both organizations legitimately sponsoring immigrants to the UK and the immigrants themselves. Once the primary victims’ SMS credentials are compromised, the attackers pursue multiple different monetization objectives. Chief among these objectives appears to be the sale of access to compromised accounts on dark web forums to facilitate the issuance of fake Certificates of Sponsorship (CoS). Additionally, the attackers conduct extortion attacks directly on the organizations themselves. A more obscured, and potentially more profitable, avenue for exploitation involves the creation of fake job offers and visa sponsorship schemes. Individuals seeking to relocate to the UK have reportedly been defrauded of up to £20,000 by these cyber criminals for what appeared to be legitimate visas and job offers that never materialized.

Mimecast has implemented comprehensive detection capabilities for its customers who may be at risk from this phishing campaign. The firm’s email security platform is designed to detect and block incoming emails associated with this activity, and Mimecast continues to monitor for any further developments. Organizations utilizing the SMS service should consider implementing several protective measures. These include deploying email security capabilities to detect government impersonation and suspicious URL patterns, and implementing URL rewriting and sandboxing to analyze links prior to user interaction.

It is also advised to establish and enforce multifactor authentication (MFA) on SMS access, rotate these credentials frequently, and monitor SMS accounts for unusual access patterns or login locations that appear inconsistent. Organizations should engage individuals with SMS access on genuine Home Office communications and official email domains, emphasizing the importance of verifying urgent notifications before taking action. This should be coupled with general phishing-awareness training and simulations. Additionally, setting up verification procedures for SMS-related communications, incorporating SMS compromise into incident response protocols, and segregating SMS duties where possible can help mitigate single-point-of-failure scenarios. The Home Office has been contacted for comment regarding this campaign.


Featured image credit

Tags: FeaturedmimecastphishingUK

Related Posts

ChatGPT adds Instant Checkout with Agentic Commerce Protocol

ChatGPT adds Instant Checkout with Agentic Commerce Protocol

September 30, 2025
California enacts SB 53 AI transparency law

California enacts SB 53 AI transparency law

September 30, 2025
YouTube settles Trump lawsuit for .5 million

YouTube settles Trump lawsuit for $24.5 million

September 30, 2025
EA sold to Saudi-backed group for  billion

EA sold to Saudi-backed group for $55 billion

September 30, 2025
Cross-Chain is the new competitive edge: Building secure, interoperable systems in the Web3 era

Cross-Chain is the new competitive edge: Building secure, interoperable systems in the Web3 era

September 30, 2025
Anthropic releases Claude Sonnet 4.5 with advanced coding and agent capabilities

Anthropic releases Claude Sonnet 4.5 with advanced coding and agent capabilities

September 30, 2025

LATEST NEWS

ChatGPT adds Instant Checkout with Agentic Commerce Protocol

California enacts SB 53 AI transparency law

YouTube settles Trump lawsuit for $24.5 million

EA sold to Saudi-backed group for $55 billion

Cross-Chain is the new competitive edge: Building secure, interoperable systems in the Web3 era

Anthropic releases Claude Sonnet 4.5 with advanced coding and agent capabilities

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.