Phishing operation hits NHS email accounts to harvest Microsoft credentials
A phishing operation compromised over one hundred UK National Health Service employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky.
During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland.
Last year, the NHS migrated its email service from an on-premises system to Microsoft Exchange Online, which "could have been a factor in the attack," Kay noted.
"NHS organizations running their own email systems will have similar processes and protections in place to identify and coordinate their responses, and call upon NHS Digital assistance, if required."
All of the emails had the NHS email footer at the bottom, Kay noted.
Although 139 email accounts represent a very small share of NHSMail's total user base, just "a few ten-thousandths of one percent of the total," the number is significant because the NHS is a national organization with a very large scope, Kay said.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/05/phishing_campaign_nhs/