Home Office Warns UK Sponsors: Phishing & Cybersecurity Risks

Home Office Phishing Warning

On 10 July 2025, the Home Office issued a notification regarding phishing scams targeting UK sponsor licence holders through the Sponsorship Management System (SMS). These scams involve emails that appear to be from the Home Office, often sent to general email addresses listed on organizations' websites.

The scam emails typically warn recipients about a compliance action or the potential suspension of their SMS account, urging them to log in using a provided link. Clicking on the link can lead to unauthorized access to SMS accounts.

The Home Office emphasizes several key points for sponsors:

• Legitimate communications will only come from @homeoffice.gov.uk, @fco.gov.uk, or @fdco.gov.uk email addresses.
• Emails will be sent to specific personnel, not to general organization email addresses.
• The Home Office will never ask for User ID or password verification, nor will it provide links to log into SMS.
• Users are advised not to click on suspicious links or share login details.
• Regular password changes and keeping contact details updated are recommended.

If you suspect your SMS account has been compromised, contact the Home Office at [email protected] or [email protected].

Cybersecurity Guidance for Sponsor Licence Holders

The Home Office has issued guidance to help sponsor licence holders secure their data within the SMS. With evolving cyber threats, sponsors are urged to enhance their cyber awareness to protect sensitive information. Compliance with UK GDPR is crucial, requiring robust data handling practices.

Key recommendations include:

• Avoid clicking on suspicious links and ensure URLs end with ‘.gov.uk’.
• Never share SMS login credentials and regularly update passwords.
• Use unique passwords for different SMS accounts.
• Deactivate users who leave or change roles within the organization.
• Maintain updated contact information and ensure active Level 1 users.

If you encounter suspicious communications, report them immediately to:

• Employers: [email protected]
• Educators: [email protected]

For more guidance, visit the National Cyber Security Centre website.

Visa Scam Investigation

An undercover investigation reveals a cash-for-visas scam involving corrupt immigration advisers who assist unqualified workers in deceiving the Home Office for skilled worker visas. Charges can reach up to £22,000 per individual, with advisers like Joe Estibeiro manipulating the system by falsely claiming the need for sponsorship licences.

Estibeiro's tactics include:

• Fabricating job advertisements to mislead the Home Office.
• Coaching immigrants to exaggerate their qualifications.
• Ensuring workers receive only a fraction of their reported salaries while pocketing large commissions.

This situation raises concerns about immigration integrity, with Shadow Home Secretary Chris Philp calling for tighter regulations on immigration advisers.

Support for International ASC Workers

The UK government has established support for international adult social care (ASC) workers whose employer's sponsor licence has been revoked. This initiative aims to assist those on the Health and Care Worker visa affected by revocations, offering various forms of support including employment guidance and mental health resources.

The support encompasses:

• Advice on visa status and employment rights.
• Assistance in finding new employers for visa sponsorship.
• Financial support options for those facing hardship due to job loss.
• Mental health support services.

For assistance, affected workers should contact their local regional partnerships, ensuring they provide accurate personal information for timely support.

If you're an employer looking to recruit international workers impacted by these revocations, expedited applications for sponsorship can be requested.

For more details, visit the Support offer to international ASC workers page.