Scam uses Queen Elizabeth II's death in attempt to phish Microsoft login details
A fake email pretending to be from Microsoft claims that the company is working on an interactive memorial for Queen Elizabeth II.
What you need to know
- A recently discovered phishing scam is taking advantage of the death of Queen Elizabeth II to trick people into sharing personal data.
- The scheme uses fake Microsoft emails that claim the company is working on an interactive AI memorial for the Queen.
- The included links within the fake emails lead to a harvesting page that is designed to look like a Microsoft login page.
Proofpoint has identified a new phishing scam that aims to steal people's Microsoft login details. The campaign relies on people's sympathy for Queen Elizabeth II, who recently passed. Emails that claim to be from Microsoft solicit people's help to create a fictitious "interactive AI memory board in honor of Her Majesty Elizabeth II."
Clicking on links included in fake emails from the campaign will direct users to a page that's designed to look like a genuine Microsoft website. Instead, it is a credential harvesting page with the sole purpose of gathering people's personal data.
The attack utilizes a platform known as EvilProxy, which allows threat actors to bypass multi-factor authentication.
Proofpoint identified a credential #phish campaign using lures related to Her Majesty Queen Elizabeth II. Messages purported to be from Microsoft and invited recipients to an “artificial technology hub” in her honor. pic.twitter.com/RCcqpgfFfXSeptember 14, 2022
Phishing scams often take advantage of trending topics to trick people. With many companies sharing condolences for Queen Elizabeth II and her family, it's reasonable to think that Microsoft could work on some sort of memorial for her. Unfortunately, these tactics are at least reasonably successful or people would not continue to use them.
The United Kingdom's National Cyber Security Centre (NCSC) warned of potential phishing attacks following the death of Queen Elizabeth II.
"As with all major events, criminals may seek to exploit the death of Her Majesty the Queen for their own gain. While the NCSC – which is a part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral," said the NCSC on Tuesday, September 13, 2022.
Microsoft has a guide on how to spot phishing campaigns. People should look out for URLs that point to the wrong location, requests for personal information, and generic messages that aren't personally addressed to the recipient.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.