Exploiting the Death of Queen Elizabeth II – When Cybercriminals Go Too Far

Cybercrime methods vary, but if it’s phishing, the threat actors will definitely play on your emotions to trick you. Whether it’s fear, urgency, or in today’s case, sympathy, the result is the same – a successful scam.

A week ago, the Lampion malware resurfaced with a new phishing scam that included a sense of urgency to get victims to click on a certain file. Now, cybercriminals are exploiting the death of Queen Elizabeth II in phishing attacks.

Apparently, the end result of the scam is to lure the targets to sites that can harvest their Microsoft account credentials. How are they pulling this off? What mechanisms are they using? Find out below.

Death of Queen Elizabeth II Scam: A Low-Class Phishing Attack

The Queen’s death shook the entire globe and everyone is in mourning. Unfortunately, cybercriminals are built without a conscience and this phishing scam is solid proof of that.

The main targets are the victims’ Microsoft accounts. However, the threat actors are not limiting their options. With this phishing scam, not only can they get the account details, but they also can steal multi-factor authentication (MFA) codes to take over them.

It all starts with an email impersonating the Microsoft Team. With a headline such as “in memory of Her Majesty Queen Elizabeth II,” users will fall for the trick.

The email includes an invitation to an ‘artificial technology hub’ in her honor hosted by none other than Microsoft. Within the email, there’s a button that supposedly should help users take part in this hub.

However, once they click on the button, it redirects them to a fake page where users are prompted to submit their Microsoft credentials.

And we all know what happens then. But what you may not know is that what the threat actors are using is a new technique to steal authentication tokens to bypass MFA.

A New Phishing Scam – Enter EvilProxy PaaS

Apparently, there’s a new reverse-proxy Phishing-as-a-Service (PaaS) platform that goes by the name of EvilProxy roaming on Clearnet and dark web hacking forums.

This PaaS platform can be used by anyone – even those with very little hacking skills. United Kingdom’s National Cyber Security Centre is urging users to stay vigilant during these times as a lot will be taking advantage of the Queen’s death:

“While the NCSC – which is a part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral.”

As we mentioned, threat actors often play on your emotions to trick you into clicking malicious links. All you have to do is avoid such emails and never click on a link you find suspicious.

Exploiting the Death of the Queen – How Low Can Cybercriminals Go?

Every phishing attack has the same pattern. You receive an email with an embedded link, which later directs you to a website that downloads a virus onto your computer and steals bank details, or other personal information.

As stated above, the only way to avoid this “Death of Queen Elizabeth II Scam” and future ones is to avoid clicking on the link, to begin with. Don’t give the threat actors what they want, protect your sensitive information.