It was predictable. Hackers are taking advantage of the death of Queen Elizabeth II to launch new phishing attacks to steal users’ personal data or even to take control of their accounts.
In an article published this week, the Bleeping Computer site mentions the existence of a phishing guy which targets Microsoft users, and which would have been revealed by Proofpoint. In essence, the targets of this attack received an email purporting to be from Microsoft inviting the recipient to an “artificial technology center” in honor of the Queen.
Proofpoint identified a credential #phish campaign using lures related to Her Majesty Queen Elizabeth II. Messages purported to be from Microsoft and invited recipients to an “artificial technology hub” in her honor. pic.twitter.com/RCcqpgfFfX
— Threat Insight (@threatinsight) September 14, 2022
When the user clicks on the button included in the message, it is redirected to a page which (if the Internet user is not vigilant) allows hackers to steal Microsoft login data and then attempt to circumvent the two-step verification, to take control of the account.
Hackers always take advantage of major events
In the UK, the National Cyber Security Center has already published a message regarding phishing attacks and potential scams profiting from the death of Queen Elizabeth II.
“As with all major events, criminals may seek to exploit the death of Her Majesty The Queen for their own gain. benefited from COVID-19). Although the NCSC – which is part of GCHQ – has yet to see substantial evidence of this, as always you should be aware that this is a possibility and be alert to emails, text messages and other communications regarding the death of Her Majesty The Queen and arrangements for her funeral”can we read in the press release of the British agency.
Our phishing guidance can help you avoid potential scams related to the period of national mourning https://t.co/bnrJBGqaJ6
— NCSC UK (@NCSC) September 13, 2022
It also reminds us of the links to official sources of information, and specifies that the British do not need a ticket to come and pay homage to the queen.
“Cybercriminals often play on your emotions to get you to click and may also refer to high profile news events”also warns the National Cyber Security Center.
Otherwise, in addition to this attack which particularly targets users of Microsoft accounts, Bleeping Computer evokes another attack which, for its part, would seek to steal banking data.