
Blue-Green Button Phishing Campaign

Summary

A spear-phishing campaign has been observed targeting governmental organisations across the UK. The groups operating the campaign appear to be performing reconnaissance on potential targets to ensure higher success rates.


Threat details

The malicious emails are sent from known contacts and use subject lines taken from recent email conversations. The messages themselves typically consist of a colourful (often blue or green) button element encouraging the user to interact with them in order to view the full image. Additional text included within or below the button can consist of timestamps, email addresses or strings of random text.

Users who interact with the button are presented with a login page, spoofing their organisation, that asks for their email address and account password. At the time of publication, it is unclear if the user is redirected to a legitimate login page if they provide their details at this stage.

Accounts compromised by this campaign have been observed being accessed remotely over POP or IMAP in order to monitor the affected mailbox and sent items, as well as to forward the phishing email to the user's contacts via SMTP.
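
The access pattern described above (POP or IMAP access to the mailbox, then forwarding over SMTP) can be searched for in mail logs. The following is an added example, not part of the original advisory; the log format, field names, thresholds and sample records are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values, not from the advisory: tune to your environment.
LEGACY_READ = {"POP", "POP3", "IMAP"}  # mailbox-access protocols named in the advisory
WINDOW = timedelta(hours=24)           # how long after the login to look for SMTP sends
RCPT_THRESHOLD = 10                    # recipients that count as a forwarding burst

# Constructed sample log: time,user,protocol,source_ip,recipients
SAMPLE_LOG = """\
2020-02-10T09:00:00,alice,MAPI,10.0.0.5,0
2020-02-10T09:05:00,alice,SMTP,10.0.0.5,2
2020-02-11T02:14:00,alice,IMAP,203.0.113.7,0
2020-02-11T02:20:00,alice,SMTP,203.0.113.7,25
2020-02-10T08:00:00,bob,IMAP,10.0.0.9,0
2020-02-10T08:30:00,bob,SMTP,10.0.0.9,1
2020-02-12T11:00:00,carol,POP3,198.51.100.4,0
"""

def find_suspect_accounts(log_text, known_ips):
    """Return {user: finding} for POP/IMAP logins from unfamiliar addresses.

    known_ips maps user -> set of source IPs treated as normal for that user
    (for example the organisation's own ranges or the user's login history).
    """
    events = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, user, proto, ip, rcpts = row
        events[user].append((datetime.fromisoformat(ts), proto.upper(), ip, int(rcpts)))

    findings = {}
    for user, evs in events.items():
        evs.sort()
        for when, proto, ip, _ in evs:
            if proto not in LEGACY_READ or ip in known_ips.get(user, set()):
                continue
            # Mailbox read over POP/IMAP from an unfamiliar address: total the
            # recipients of SMTP sends from that same address inside the window.
            sent = sum(r for t, p, i, r in evs
                       if p == "SMTP" and i == ip and when <= t <= when + WINDOW)
            findings[user] = ("legacy-access+smtp-burst" if sent >= RCPT_THRESHOLD
                              else "legacy-access-unknown-ip")
            break
    return findings
```

Accounts reported as `legacy-access+smtp-burst` match both halves of the observed behaviour; `legacy-access-unknown-ip` matches only the mailbox-monitoring half and is worth reviewing against the user's sent items.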

There are also reports suggesting that legacy Office 365 accounts may be compromised simply by interacting with the button, although this has not been confirmed as of the time of publication.

Update  

A new Blue-Green Button campaign has been observed using a new red lure button design. All other features are identical to previous campaigns.


Remediation steps

Type Step

Last edited: 14 February 2020 2:47 pm