What you need to know
A recently discovered phishing scam is taking advantage of the death of Queen Elizabeth II to trick people into sharing personal data.
The scheme uses fake Microsoft emails that claim the company is working on an interactive AI memorial for the Queen.
Links in the fake emails lead to a credential harvesting page that is designed to look like a Microsoft login page.
Proofpoint has identified a new phishing scam that aims to steal people's Microsoft login details. The campaign relies on people's sympathy for Queen Elizabeth II, who recently passed. Emails that claim to be from Microsoft solicit people's help to create a fictitious "interactive AI memory board in honor of Her Majesty Elizabeth II."
Clicking on links in the campaign's fake emails directs users to a page that's designed to look like a genuine Microsoft website. In reality, it is a credential harvesting page with the sole purpose of gathering people's personal data.
The attack utilizes a platform known as EvilProxy, which allows threat actors to bypass multi-factor authentication.
Proofpoint identified a credential #phish campaign using lures related to Her Majesty Queen Elizabeth II. Messages purported to be from Microsoft and invited recipients to an “artificial technology hub” in her honor. pic.twitter.com/RCcqpgfFfX (September 14, 2022)
Phishing scams often take advantage of trending topics to trick people. With many companies sharing condolences for Queen Elizabeth II and her family, it's reasonable to think that Microsoft could work on some sort of memorial for her. Unfortunately, these tactics are at least reasonably successful, or attackers would not continue to use them.
The United Kingdom's National Cyber Security Centre (NCSC) warned of potential phishing attacks following the death of Queen Elizabeth II.
"As with all major events, criminals may seek to exploit the death of Her Majesty the Queen for their own gain. While the NCSC – which is a part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral," said the NCSC on Tuesday, September 13, 2022.
Microsoft has a guide on how to spot phishing campaigns. People should look out for URLs that point to the wrong location, requests for personal information, and generic messages that aren't personally addressed to the recipient.