The Home Office has issued a communication to sponsors' Key Contacts and Authorising Officers, warning of ongoing phishing scams and reminding Sponsorship Management System (SMS) users to be vigilant about account security. 

What are the phishing scams?

In November 2025, the Home Office issued a warning and detailed guidance to sponsors about phishing scams that could compromise SMS account security.

According to a further communication earlier this month, phishing emails continue to be sent to licensed sponsors. 

Phishing emails may ask you to click a link to log in to SMS to avoid compliance action or to read new messages. Clicking on the link may allow scammers to gain access to your SMS account, which they can then use to apply for and assign Certificates of Sponsorship (for workers) or Confirmations of Acceptance for Studies (for students) fraudulently.

How to protect your SMS account 

The Home Office has reiterated that it will never send you a link to use to log into your SMS account, and you should never click on links related to SMS in emails. 

If you have clicked on an email link and entered your login details, you should change your password immediately (by logging in securely via gov.uk) and report any suspicious activity on your account to the Home Office. 

To protect your account, you must always follow SMS best practice, as follows:

• Only log into SMS through the gov.uk website;
• Never share your SMS password or user ID with anyone; and
• Regularly review your Level 1 and Level 2 users and deactivate accounts where appropriate (for example, if the user has left your organisation).

Need more help?

If you have received a suspicious email or phone call, or you are concerned that your SMS account may have been compromised, contact the Home Office at businesshelpdesk@homeoffice.gov.uk if you are a work route sponsor, or studyengagementteam@homeoffice.gov.uk if you are a student route sponsor.