UK National Health Service Email Accounts Compromised by Hackers to Steal Microsoft Logins

For about six months, more than 100 National Health Service (NHS) employees in the United Kingdom had their email accounts used in various phishing attacks, some of which intended to steal Microsoft logins.

Malicious actors began using authentic NHS email accounts in October 2021 after hacking them, and they continued to do so until at least April 2022.

As stated by security experts at email security platform INKY, more than a thousand phishing email messages have been sent from National Health Service email accounts belonging to employees in England and Scotland.

The specialists discovered that the malicious messages came from two NHS IP addresses and were sent from 139 NHS employees’ email accounts. INKY found 1,157 phishing emails from the two addresses that were sent to its customers.

The NHS confirmed that the two addresses were relays within the mail system [NHSMail] used for a large number of accounts.


In most instances, the fraudulent emails sent out phony document delivery notifications that linked to bogus pages requiring Microsoft credentials. Also, the threat actors included a confidentiality disclaimer from the NHS at the bottom of the email to make it look authentic.

Some emails even posed as Adobe and Microsoft

Read More: