Recently, cyber security experts at Mimecast revealed a worrying phishing campaign threatening the UK immigration system. The primary targets are sponsor licence holders, with attackers mimicking official communications from the Home Office to extract sensitive data.
The phishing strategy involves impersonating legitimate Home Office emails to steals victims' login credentials for the Sponsorship Management System (SMS). This secure platform is crucial for approved organisations that manage visa sponsorships. Attacks are accompanied by supposed urgent compliance alerts or threats of account suspension, lending a sense of urgency and authenticity to the communications.
Mimecast’s team found these fraudulent emails directing recipients to meticulously crafted fake SMS login pages. Once login details are compromised, attackers exploit access to issue fraudulent Certificates of Sponsorship.
Some scams extend fake job offers or visa sponsorships, deceiving individuals into paying between £15,000 and £20,000 for positions that do not exist. By manipulating compromised sponsor accounts, scam documentation appears genuine enough to evade basic checks, dangerously undermining the integrity of the system.
Natasha Chell, Partner and Head of Risk and Compliance at Laura Devine Immigration, emphasised, ‘We are aware of sponsors who have been targeted by these phishing scams and an unfortunate few who have had their systems breached. As gatekeepers of the sponsorship system, sponsors need to protect their Home Office online accounts by having robust IT practices, regular training for Key Personnel who have access to the accounts and they should always contact the official Home Office channels to verify any suspicious requests.’
This ongoing threat highlights vulnerabilities that can be exploited within immigration management systems. As such, organisations responsible for navigating the complexities of the UK visa sponsorship processes must remain vigilant. The emphasis should be on maintaining robust cyber security defences and rigorous verification procedures to thwart these increasingly sophisticated phishing campaigns.
