Death of Queen Elizabeth II exploited to steal Microsoft credentials


Level 76
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials.

Besides Microsoft account details, the attackers also attempt to steal their victims' multi-factor authentication (MFA) codes to take over their accounts.

"Messages purported to be from Microsoft and invited recipients to an 'artificial technology hub' in her honor," Proofpoint's Threat Insight team revealed today.

In the campaign spotted by Proofpoint, the phishing actors impersonate "the Microsoft team" and try to bait the recipients into adding their memo onto an online memory board "in memory of Her Majesty Queen Elizabeth II."

After clicking a button embedded within the phishing email, the targets are instead sent to a phishing landing page where they're asked first to enter their Microsoft credentials.

"Messages contained links to a URL redirecting credential harvesting page targeting Microsoft email credentials including MFA collection," Proofpoint added.

The attackers use a new reverse-proxy Phishing-as-a-Service (PaaS) platform known as EvilProxy promoted on clearnet and dark web hacking forums, which allows low-skill threat actors to steal authentication tokens to bypass MFA.

United Kingdom's National Cyber Security Centre warned on Tuesday about an increased risk of cybercriminals exploiting the Queen's death for their own gain in phishing campaigns and other scams.

"While the NCSC – which is a part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral," the NCSC said.

While this malicious activity seems limited, the NCSC has seen such phishing attacks and is currently investigating them.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.