A small number of care providers have had their Sponsorship Management System accessed by scammers, who then used this to allocate Certificates of Sponsorship (CoS) fraudulently to people outside of the organisation. We know this has involved scammers asking the individuals to pay for the fraudulent CoS.
The Home Office has written to sponsors warning about phishing scams. To protect your organisation:
-
Emails might come to inboxes that are not managed by the people who usually deal with your SMS account.
-
Always access your SMS account via the gov.uk website.
-
Never click on links asking you to verify credentials or to log into SMS.
-
Never share your SMS login details with anyone. The Home Office will not ask you for this information.
-
Change your SMS password regularly and make your password strong and long.
-
Don’t use the same password if you have access to more than one SMS account.
-
Remember to deactivate Level 1 and Level 2 users if they leave or change roles in your organisation.
-
Make sure your contact details, telephone number and email address, are up to date in the SMS.
-
Always have at least one, preferably two, active Level 1 users.
If you suspect your SMS account has been compromised:
-
Change your password immediately and ask all Level 1 and Level 2 users in your organisation to do the same.
-
Contact the Home Office.
-
Report the incident to Action Fraud.
Further support:
-
You can find contact details and further information in the full Home Office email guidance here.
-
The Digital Care Hub has a range of resources to support care providers with data security.
