Queen Elizabeth II’s death used in credential harvesting
September 28th, 2022 - Written By CyberLabs
Proofpoint’s Threat Insight Team reveled on 14th September 2022 that threat actors are employing phishing attacks with a “death of Queen Elizabeth II” theme. Users are tricked into visiting malicious websites created for credential harvesting.
Proofpoint identified a credential #phish campaign using lures related to Her Majesty Queen Elizabeth II. Messages purported to be from Microsoft and invited recipients to an “artificial technology hub” in her honor. pic.twitter.com/RCcqpgfFfX
— Threat Insight (@threatinsight) September 14, 2022
Threat actors start the campaign with sending phishing emails with an embedded button. To trick the receivers into posting their messages on an online memorial board “in honor of Her Majesty Queen Elizabeth II,” threat actors pretended to be Microsoft Corp. Team. The page will navigate to a phishing landing page if the user clicks the button, asking them to enter their Microsoft login credentials. Threat actors attempt to hijack the targeted accounts by stealing the multi-factor authentication codes in addition to the login information.
A new reverse-proxy phishing-as-a-service platform named EvilProxy, which was suggested on dark web forums, is being used by threat actors in this campaign. Although the effort seems to be limited, consumers should be cautious when opening emails about the passing of Queen Elizabeth II.
NCSC also warns citizens on these kind of phishing attacks,
Our phishing guidance can help you avoid potential scams related to the period of national mourning https://t.co/bnrJBGqaJ6
— NCSC UK (@NCSC) September 13, 2022