Mimecast raises alarm over phishing threat

Mimecast has revealed a sophisticated phishing campaign targeting sponsor licence holders in the UK immigration system.
Cyber security firm Mimecast has issued a warning regarding a “significant threat” to the UK immigration system, following the discovery of a sophisticated phishing campaign aimed at sponsor licence holders. This campaign involves attackers impersonating official Home Office communications to steal login credentials for the Sponsorship Management System (SMS), a secure portal used by approved organisations for managing visa sponsorships.
The latest findings from Mimecast’s Threat Research team indicate that these fraudulent emails often contain urgent compliance warnings or threats of account suspension. They direct recipients to highly convincing fake SMS login pages. Once the attackers obtain the login credentials, they can issue fraudulent Certificates of Sponsorship, thereby enabling complex immigration scams.
Among the most profitable schemes identified are those that create fake job offers and visa sponsorships, with scammers charging victims between £15,000 and £20,000 for roles that do not exist. Compromised sponsor accounts lend an air of legitimacy to the associated documentation, allowing scammers to circumvent initial checks that would normally flag these activities as suspicious.
Natasha Chell, Partner and Head of Risk and Compliance at Laura Devine Immigration, noted that “We are aware of sponsors who have been targeted by these phishing scams and an unfortunate few who have had their systems breached.” She emphasised the need for sponsors—who act as gatekeepers of the sponsorship system—to protect their Home Office online accounts. Implementing strong IT practices, conducting regular training for Key Personnel, and contacting official Home Office channels to verify any suspicious requests are crucial steps in safeguarding these accounts.