Queen Elizabeth II’s death used in credential harvesting

Queen Elizabeth II’s death used in credential harvesting

Proofpoint’s Threat Insight Team reveled on 14th September 2022 that threat actors are employing phishing attacks with a “death of Queen Elizabeth II” theme. Users are tricked into visiting malicious websites created for credential harvesting.

Threat actors start the campaign with sending phishing emails with an embedded button.  To trick the receivers into posting their messages on an online memorial board “in honor of Her Majesty Queen Elizabeth II,” threat actors pretended to be Microsoft Corp. Team. The page will navigate to a phishing landing page if the user clicks the button, asking them to enter their Microsoft login credentials. Threat actors attempt to hijack the targeted accounts by stealing the multi-factor authentication codes in addition to the login information.

A new reverse-proxy phishing-as-a-service platform named EvilProxy, which was suggested on dark web forums, is being used by threat actors in this campaign. Although the effort seems to be limited, consumers should be cautious when opening emails about the passing of Queen Elizabeth II.

NCSC also warns citizens on these kind of phishing attacks,

Sources

https://www.bleepingcomputer.com/news/security/death-of-queen-elizabeth-ii-exploited-to-steal-microsoft-credentials/

Similar,

Harvest Credentials on Fraudulent Facebook Pages