An active phishing campaign impersonates the UK Home Office to compromise organizations with sponsor licenses, aiming to steal SNS credentials for fraud and extortion. The attackers use sophisticated websites mimicking official UK immigration portals, leading to credential theft and subsequent illegal schemes. #HomeOffice #SponsorshipManagementSystem
Keypoints
- The phishing campaign targets UK organizations managing visa sponsorship programs.
- Email alerts with urgent messages direct victims to fake login pages requesting SMS credentials.
- The impersonation involves copying official SMS login pages with minimal changes to deceive users.
- Stolen credentials are used for fraud, extortion, and creating fake employment schemes.
- Organizations are advised to use anti-phishing tools, URL analysis, and sandboxing to prevent attacks.
Read More: https://www.infosecurity-magazine.com/news/home-office-phishing-uk/