National Health Service Email Inboxes Used for Illegal Email Transmission

  • By Patrick Ryan
  • May 13, 2022

More than 1,000 phishing emails have been sent from the inboxes of National Health Service employees. The National Health Service, or NHS for short, is based in the United Kingdom. The harmful messages in question were transmitted across a period of six months earlier this year. The phishing scam is just another example of why businesses of every type and size should implement the digital safeguards necessary to prevent account takeovers.

When Did the Phishing Email Scam Begin?

According to Inky, an email security specialist, the campaign began in October of 2021. The campaign quickly escalated this spring when the company found more than 1,100 phishing messages sent from NHS email inboxes. Inky then reported the findings to the National Health Service, whereupon the messages significantly slowed. It appears that the phishing scam artists were aware of the communication between Inky and NHS.  

How Many Employee Email Accounts Were Affected?

Nearly 140 employee email accounts at the NHS were compromised. Those email accounts transmitted phony new notification documents with harmful links to websites that harvest credentials. In particular, the sites zeroed in on Microsoft login credentials.

Each of the email messages sent in the phishing attack used the official NHS footer used at the bottom of all legitimate emails. In fact, some of the email messages even went as far as impersonating Microsoft and Adobe with the use of their logos. It is also worth noting Inky’s investigation strictly pertained to its customers, meaning the scale of the phishing campaign is likely much larger than it currently appears.

How Did the NHS Respond to the Attack?

The NHS issued a statement after Inky forwarded its findings. The NHS statement insisted that the organization has the necessary procedures in place to perform ongoing internal monitoring to identify digital security threats. The organization also noted that such risks are proactively addressed with the assistance of digital security partners. The statement also noted the assistance provided by the organization’s NHS Digital group.

How Did the Attack Occur?

It is not completely clear how NHS employee email accounts were compromised in the attack. The digital attack is significant as it shows the NHS had more phishing emails in the year gone by than any other organization in its sector when analyzed on a per-employee basis.  

There is the potential for the NHS’ email system migration to have played a role in the attack. NHS shifted its employee email system, referred to as NHSMail, from onsite to Microsoft Exchange Online. The migration spurred alterations in the security environment that might have potentially created a vulnerability for phishing scammers to exploit.w

What Occurs When the Phishing Messages are Responded To?

Inky’s team responded to some of the phishing messages to track down the group responsible for the covert attack. A reply issued to the messages in question generated a return response from an individual who goes by the pseudonym of “Shyann Huels,” a supposed special secretary to none other than the founder of, Jeff Bezos.  

However, this fake name and response were also used in similar phishing scams conducted at the start of spring. The scammer behind those operations owns a crypto wallet address that illegally scammed people and companies into forking over nearly $200,000.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Latest Articles

Fronton Botnet Tracks Online Activity and More

Fronton Botnet Tracks Online Activity and More

A botnet referred to as Fronton tracks activity on the internet and conducts illegal operations. The IoT botnet aims to steal information, disinform, and wreak general havoc on the web.

New Keylogger is Transmitted Through PDFs

New Keylogger is Transmitted Through PDFs

A keylogger is infecting computers through harmful PDF files. The snake keylogger centers on an email campaign that sends PDF files and other files from Microsoft Word programs.

Bug Might Allow Thieves to Steal Money from PayPal Accounts

Bug Might Allow Thieves to Steal Money from PayPal Accounts

The failure to quickly patch a bug might empower online criminals to steal money directly out of the accounts of PayPal users.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Run a Free Identity Scan
Check if your information is compromised