For about half a year, work email accounts belonging to over 100 employees of the National Health Service (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins.
Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.
More than a thousand phishing messages have been sent from NHS email accounts belonging to employees in England and Scotland, according to researchers from email security firm INKY.
The researchers tracked the fraudulent messages as coming from two NHS IP addresses, delivered from email accounts of 139 NHS employees. INKY detected 1,157 fraudulent emails at its clients originating from the two addresses.
“The NHS confirmed that the two addresses were relays within the mail system [NHSMail] used for a large number of accounts,” INKY said in a report today.
In most cases, the phishing messages sent fake alerts for new document delivery that linked to fraudulent pages asking for Microsoft credentials.
To make the email more credible, the attackers added the NHS confidentiality disclaimer at the bottom of the message.
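A simple triage check for the pattern described above (a genuine internal sender, a "new document" lure, a login link that points away from Microsoft, and a confidentiality footer that must not count as a trust signal), added here as an example and not code from INKY or the NHS; the allowlisted login hosts, the trusted domain and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hosts where a real Microsoft sign-in page is expected to live.
# Assumed allowlist for this example, not a list taken from the report.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

LURE_RE = re.compile(r"\b(new|shared|secure)\s+document\b", re.I)
CRED_RE = re.compile(r"\b(sign in|log ?in|password|microsoft)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
FOOTER_RE = re.compile(r"confidential", re.I)


def triage(raw: str, trusted_domain: str = "nhs.net") -> dict:
    """Score one plain-text message that already passed a sender-domain check.
    A hijacked account passes that check, so the verdict rests on what the
    body asks for and where its links actually lead, not on the sender."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    from_trusted = sender.endswith("@" + trusted_domain)
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)]
    # Links that are neither a Microsoft login host nor inside the trusted domain.
    offsite = [h for h in hosts
               if h not in MICROSOFT_LOGIN_HOSTS
               and h != trusted_domain and not h.endswith("." + trusted_domain)]
    lure = bool(LURE_RE.search(body))
    asks_login = bool(CRED_RE.search(body))
    return {
        "from_trusted_domain": from_trusted,
        "document_lure": lure,
        "asks_for_login": asks_login,
        "offsite_link_hosts": offsite,
        # Recorded only; a legitimate footer is copied by attackers too.
        "has_confidentiality_footer": bool(FOOTER_RE.search(body)),
        "suspicious": lure and asks_login and bool(offsite),
    }


# Constructed sample message modelled on the campaign's lure (not a real email).
SAMPLE = """From: "A. Clinician" <a.clinician@nhs.net>
To: recipient@example.org
Subject: New document received

A new document has been shared with you. Sign in with your Microsoft
account to view it: https://docs-review.example.net/open?id=42

This message may contain confidential information. If you are not the
intended recipient, please notify the sender and delete it.
"""
```

Despite the trusted sender and the genuine-looking footer, `triage(SAMPLE)["suspicious"]` is `True` because the login link leaves the allowlisted hosts.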