Hackers Have Exploited The Queen’s Death

Uploaded on 2022-10-02 in GOVERNMENT-National, FREE TO VIEW

Hackers are taking advantage of the outpouring of condolences for the late British monarch Queen Elizabeth II to launch a phishing attack and surreptitiously gain access to the Microsoft accounts of unsuspecting victims, cybersecurity researchers at Proofpoint revealed.

During this period following the death of Her Majesty the Queen, including her Lying-in-State and State Funeral, there has been an increase in phishing emails and other scams. Threat actors have been capitalising on the death of Queen Elizabeth II to lure targets into clicking on phishing links that request Microsoft credentials. 

Experts at Proofpoint posted a screenshot that revealed the phishing emails appear as though they are being sent from the tech giant itself. The headline claims to pay tribute to the late Queen Elizabeth with an interactive AI memory board.

Proofpoint identified a credential phishing campaign using lures related to Her Majesty Queen Elizabeth II. Messages purported to be from Microsoft and invited recipients to an “artificial technology hub” in her honor. With the headline “In Memory of Her Majesty Queen Elizabeth II,” it claimed that Microsoft is launching an “interactive AI memory board” in her honor and needs “the assistance of our users” to make it work.

To take part in the ‘Elizabeth II Memory Board’ the recipient is urged to click on a button embedded in the email, which will take them to a page prompting them to enter their email credentials. It also features a capability to bypass multi-factor authentication (MFA), Proofpoint warned.

“EvilProxy is a #MITM [man-in-the-middle] phishing framework that uses a reverse proxy to customize landing pages for each recipient and collect credentials and bypass #MFA protection,” Proofpoint said of the infrastructure used to deploy the campaign. “The kit is relatively new and is available for sale on exploit forums.”

However, to take part in the fraudulent memory board, users must click the link embedded in the email. This link takes users to a phished site that prompts users to enter their Microsoft credentials. The site also features a capability to bypass multi-factor authentication, according to Proofpoint.

Major news stories are typically capitalised by threat actors to lure victims into falling for phishing schemes. In this case, instead of inducing urgency, the phishers are capitalizing on grief, concern, and sadness brought on by the Queen’s death.

These themes could continue to pop up in various phishing campaigns and cyber security risks as threat actors continue to find new ways to lure victims.

The phishing campaign was spotted a day after the UK's National Cyber Security Centre (NCSC) warned there might be an increase in phishing emails and other scams related to the queen during national mourning and the UK’s National Cyber Security Centre warned users to expect a surge in phishing attempts related to the Queen’s death.

Proopoint:     NCSC:     Oodaloopp:     Threat Insight:      VPN Review:     Microsoft

You Might Also Read: 

Microsoft Warning - Windows Flaw Being Attacked:

 

« Vulnerabilities In Airline WiFi Devices Expose Passenger Data
Google Loses Its Appeal & Must Pay €4.1Billion EU Penalty »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

10Duke

10Duke

Identity management and entitlement solutions that help you connect to your online customers and drive engagement and revenue.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

La Playa

La Playa

La Playa is an award-winning independent insurance broker offering specialist cover in areas including cyber and privacy.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Plexal

Plexal

Plexal is East London's innovation centre and co-working space. We offer startups flexible memberships, giving them access to office space plus all the benefits and support they need to scale.

Innosphere

Innosphere

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

Bitbone

Bitbone

Bitbone develop IT infrastructure and IT security solutions that create long-term value.

Herzing College

Herzing College

Herzing College Ottawa offers an accelerated 12-month Cybersecurity Specialist training program. This program is developed by industry experts and based on leading IT security certifications.