Cybercriminals are taking advantage of the death of Queen Elizabeth II to launch phishing attacks, specifically these scammers directing users to malicious pages that are designed to steal Microsoft credentials.
Proofpoint (cybersecurity company) has detected fraudulent emails where cybercriminals pose as the Microsoft team to try to deceive recipients, thus getting victims to sign a virtual book of condolences in memory of Elizabeth II.
By clicking on the link included in the phishing, those affected are redirected to a fraudulent page where they are asked to enter their email passwords. In addition to your data at Microsoft, attackers are also trying to steal multi-factor authentication (MFA) codes to gain control of your accounts.
Scam message.Proofpoint
With this scam, cybercriminals use a phishing framework called EvilProxy’ to reverse proxy landing pages to each recipient, harvest credentials, and bypass MFA protection.
The death of Elizabeth II has become a topic of social engineering for scammers, since it only requires the manipulation of the emotional state of users. In this case, the attackers cause a feeling of sadness among the victims, therefore, they create spaces to share comments and memories in honor of the queen with the intention of scamming users.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.