A phishing operation compromised over one hundred UK National Health Service (NHS) employees’ Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky.
During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland.
“The true scope of the attack could have been much larger, as Inky detected only those attempts made on our customers,” the company’s VP of Security Strategy Roger Kay wrote in a blog post. “But given how many we found, it’s safe to say that the total iceberg was much bigger than the tip we saw.”
Source: The Register