- MILECAST discovers a Phishing campaign addressed to the United Kingdom Interior Ministry
- The accounts are stolen through Phishing Electronic Correos and False Websites
- False sites are almost indistinguishable
Mimecast researchers have discovered a Phishing campaign for the sponsorship management system (SMS) of Mimecast.
The main objective of the campaign seems to be compromising access to accounts, which can then be sold on the dark website, extorting organizations through the theft of confidential data and creating fraudulent sponsorship certificates (COS).
The campaign not only affects organizations with sponsor license privileges, but threatens to undermine the entire United Kingdom immigration system.
Interior Ministry of the United Kingdom at risk
The attackers begin the campaign by sending emails that are very similar to legitimate emails distributed by the house office, using the same brand and stylization. Electronic emails include an urgent call to the action that threatens the suspension of the account if the user does not log in.
The victims are guided to a false login page through a URL activated by captcha that seems very similar to the legitimate URL used by the office at home. After completing the captcha, the user lands on a login page of the office at Casa Clonada.
The only differences between legitimate and illegitimate pages are the presentation of the form. The false page directs the credentials to a script controlled by the attacker, where the exposed credentials can be used to log in to the victims account.
With stolen accounts, attackers can create false job offers and visa sponsorship schemes, and charge victims of thousands of pounds to access them.
The best protection against Phishing campaigns as this is constant surveillance. Always verify the URLs and be careful with the urgent calls to the action.
You can find a complete list of the indicators of this Phishing campaign on the Mimecast blog.
