TZUTC: -0500   
   MSGID: 1365.consprcy@1:2320/105 2d032b2e   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   UK immigration system targeted by hackers - dangerous new phishing campaign   
   hits Sponsorship Management System   
      
   Date:   
   Thu, 14 Aug 2025 11:04:53 +0000   
      
   Description:   
   Phishing emails are being used to steal account credentials to generate fake   
   jobs and visa schemes.   
      
   FULL STORY   
      
   A phishing campaign has been uncovered by Mimecast researchers targeting the   
   Home Office Sponsorship Management System (SMS).    
      
   The main aim of the campaign appear to be to compromise access to accounts,   
   which can then be sold on the dark web, extorting organizations through the   
   theft of sensitive data, and creating fraudulent Certificates of Sponsorship   
   (CoS).    
      
   The campaign doesnt just affect organizations with sponsor license    
   privileges, but threatens to undermine the entire UK immigration system.   
      
   UK Home Office at risk   
      
   The attackers begin the campaign by sending emails that closely resemble   
   legitimate emails distributed by the Home Office, using the same branding and   
   stylization. The emails include an urgent call to action that threatens   
   account suspension if the user doesnt log in.    
      
   The victims are guided to a fake login page via a captcha-gated URL that    
   looks very similar to the legitimate URL used by the Home Office. After   
   completing the captcha, the user lands on a cloned Home Office login page.    
      
   The only differences between the legitimate and illegitimate pages are in the   
   form submission. The fake page directs credentials to an attacker-controlled   
   script, where the exposed credentials can be used to log in to the victims   
   account.    
      
   With the stolen accounts, the attackers can then create fake job offers and   
   visa sponsorship schemes, and charge victims tens of thousands of pounds to   
   access them.    
      
   The best protection against phishing campaigns such as this one is constant   
   vigilance. Always double check URLs and be cautious of urgent calls to    
   action.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/uk-immigration-system-targeted-by-hacke   
   rs-dangerous-new-phishing-campaign-hits-sponsorship-management-system   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426