Attackers hijack UK NHS email accounts to steal Microsoft logins

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins.
Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.

NHS

More than a thousand phishing messages have been sent from NHS email accounts belonging to employees in England and Scotland, according to researchers from email security INKY.
... ...
The researchers tracked the fraudulent messages as coming from two NHS IP addresses, delivered from email accounts of 139 NHS employees. INKY detected 1,157 fraudulent emails at its clients originating from the two addresses.

“The NHS confirmed that the two addresses were relays within the mail system [NHSMail] used for a large number of accounts,” INKY said in a report today.

In most cases, the phishing messages sent fake alerts for new document delivery that linked to fraudulent pages asking for Microsoft credentials.
To make the email more credible, the attackers added the NHS confidentiality disclaimer at the bottom of the message.
 
  • Sad
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top