Home Office Phishing Warning for UK Sponsors: How to Protect Your SMS Account
In this section:
- What the Scam Emails Look Like
- How Genuine Home Office Messages Are Delivered
- Immediate Steps for Sponsors to Ensure SMS Security
- The Only Safe Route to the SMS Login
- How to Report Suspicious Activity or Get Help
- Further Guidance on How to Use SMS
On 10 July 2025 the Home Office issued an urgent alert about a wave of phishing emails targeting organisations with a Sponsor Licence. The messages pretend to be compliance warnings from the Sponsorship Management System (SMS) and pressure recipients to log-in through a fake link. Anyone who enters their SMS user ID and password on that fake page hands cyber-criminals full access to their SMS account.
What the Scam Emails Look Like
- Claim to be from the Home Office.
- Alert you of a message on SMS with a warning of compliance action or suspension of your account if you fail to log in
- Provide a link that takes you to a page where you are asked for your SMS User ID and password.
- Scam emails are often sent to shared mailboxes that are taken from your organisation's website (for example, info@xyz.com), not to the email addresses of your key personnel.
Entering your credentials on the fake site can let the sender into your SMS account.
How Genuine Home Office Messages Are Delivered
Any electronic communications relating to your sponsor licence from the Home Office will come via one of the following channels:
- An email address ending @homeoffice.gov.uk, @fco.gov.uk, or @fcdo.gov.uk
- The Account Management Portal (AMP)
- On the message board of your SMS account
The Home Office will not ask you to verify your SMS User ID or password and will not send you a link or password to log in.
Immediate Steps for Sponsors to Ensure SMS Security
The Home Office advises:
- Do not click links in suspicious emails.
- Never share SMS login details.
- Change SMS passwords regularly, making them long and strong.
- Use different passwords if you have access to more than one SMS account.
- Deactivate Level 1 and Level 2 users who leave or change roles in your company.
- Keep contact details up to date.
- Always keep at least one, preferably two, active Level 1 users.
- If you think the account is compromised, change your password immediately and tell other Level 1/2 users to do the same.
Read the official Cyber security guidance for business to help you improve online security and protect your company against cyber threats.
The Only Safe Route to the SMS Login
- Go to www.gov.uk, select the "Welcome to.Gov.UK" link.
- Search for “UK visa sponsorship management system”.
- Select the result and click “Start now”.
- Log in to your SMS account.
How to Report Suspicious Activity or Get Help
If you have received an email or telephone call that doesn’t seem genuine, or you have concerns that your SMS account has been compromised, you can report it to:
- businesshelpdesk@homeoffice.gov.uk – if you’re an employer
- Studyengagementteam@homeoffice.gov.uk – if you are an educator
- Business Helpline – 0300 123 4699
If the Home Office receives information that your SMS account has been compromised, it may deactivate users while the issue is investigated. You will be contacted with follow up actions.
Get Compliance Support Today
Ensure your business stays compliant with expert guidance, automated tools, and a powerful digital platform. Relax knowing every detail is under control
BetterNations LTD, who is trading under the name ‘Nation.better’ (‘Nation.better’), is a company registered in England and Wales with company number 12066785. Nation.better is a software development company providing software-as-a-service (SaaS). BetterNations LTD is registered as a Data Controller under the ICO: ZA795311
Nation.better is registered with the Immigration Advice Authority (IAA), Ref. No: F202100313
The privacy and security of your information are our top priorities