User Alert as Phishing Campaigns Exploit Queen’s Passing


Threat actors are using the death of Queen Elizabeth II as a lure to phish for users’ Microsoft credentials, experts have warned.

A screenshot posted by Proofpoint yesterday revealed an email spoofed to appear as if sent from the tech giant.

With the headline “In Memory of Her Majesty Queen Elizabeth II,” it claimed that Microsoft is launching an “interactive AI memory board” in her honor and needs “the assistance of our users” to make it work.

To take part in the ‘Elizabeth II Memory Board’ the recipient is urged to click on a button embedded in the email, which will take them to a page prompting them to enter their email credentials. It also features a capability to bypass multi-factor authentication (MFA), Proofpoint warned.

“EvilProxy is a #MITM [man-in-the-middle] phishing framework that uses a reverse proxy to customize landing pages for each recipient and collect credentials and bypass #MFA protection,” Proofpoint said of the infrastructure used to deploy the campaign. “The kit is relatively new and is available for sale on exploit forums.”

Sherrod DeGrippo, VP of threat research and detection at Proofpoint, explained that major news stories like COVID-19 and the Queen’s death are always exploited by phishing actors.

“Social engineering requires the manipulation of an end target’s emotional state. In this case, the attacker is attempting to elicit a sense of grief, concern or sadness by providing a place to share memories and comments in honor of the Queen,” she continued.

“We expect to see threat actors continue to use themes related to the Queen and the monarchy for some time as the events and mourning period continue.”

Earlier in the week, the UK’s National Cyber Security Centre (NCSC) warned users to expect a surge in phishing attempts related to the Queen’s death.

“While the NCSC – which is a part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral,” it said.

Products You May Like

Articles You May Like

Hive ransomware servers shut down at last, says FBI
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
Are you in control of your personal data? – Week in security with Tony Anscombe
ICO Offers Data Protection Advice to SMBs
New Cheats May Emerge After Riot Games Hack

Leave a Reply

Your email address will not be published. Required fields are marked *