National Health Service Email Inboxes Used for Illegal Email Transmission
Table of Contents
- By Patrick Ryan
- May 13, 2022
More than 1,000 phishing emails have been sent from the inboxes of National Health Service employees. The National Health Service, or NHS for short, is based in the United Kingdom. The harmful messages in question were transmitted across a period of six months earlier this year. The phishing scam is just another example of why businesses of every type and size should implement the digital safeguards necessary to prevent account takeovers.
When Did the Phishing Email Scam Begin?
According to Inky, an email security specialist, the campaign began in October of 2021. The campaign quickly escalated this spring when the company found more than 1,100 phishing messages sent from NHS email inboxes. Inky then reported the findings to the National Health Service, whereupon the messages significantly slowed. It appears that the phishing scam artists were aware of the communication between Inky and NHS.
How Many Employee Email Accounts Were Affected?
Nearly 140 employee email accounts at the NHS were compromised. Those email accounts transmitted phony new notification documents with harmful links to websites that harvest credentials. In particular, the sites zeroed in on Microsoft login credentials.
Each of the email messages sent in the phishing attack used the official NHS footer used at the bottom of all legitimate emails. In fact, some of the email messages even went as far as impersonating Microsoft and Adobe with the use of their logos. It is also worth noting Inky’s investigation strictly pertained to its customers, meaning the scale of the phishing campaign is likely much larger than it currently appears.
How Did the NHS Respond to the Attack?
The NHS issued a statement after Inky forwarded its findings. The NHS statement insisted that the organization has the necessary procedures in place to perform ongoing internal monitoring to identify digital security threats. The organization also noted that such risks are proactively addressed with the assistance of digital security partners. The statement also noted the assistance provided by the organization’s NHS Digital group.
How Did the Attack Occur?
It is not completely clear how NHS employee email accounts were compromised in the attack. The digital attack is significant as it shows the NHS had more phishing emails in the year gone by than any other organization in its sector when analyzed on a per-employee basis.
There is the potential for the NHS’ email system migration to have played a role in the attack. NHS shifted its employee email system, referred to as NHSMail, from onsite to Microsoft Exchange Online. The migration spurred alterations in the security environment that might have potentially created a vulnerability for phishing scammers to exploit.w
What Occurs When the Phishing Messages are Responded To?
Inky’s team responded to some of the phishing messages to track down the group responsible for the covert attack. A reply issued to the messages in question generated a return response from an individual who goes by the pseudonym of “Shyann Huels,” a supposed special secretary to none other than the founder of Amazon.com, Jeff Bezos.
However, this fake name and response were also used in similar phishing scams conducted at the start of spring. The scammer behind those operations owns a crypto wallet address that illegally scammed people and companies into forking over nearly $200,000.