Scam uses Queen Elizabeth II's death in attempt to phish Microsoft login details

What you need to know

  • A recently discovered phishing scam is taking advantage of the death of Queen Elizabeth II to trick people into sharing personal data.
  • The scheme uses fake Microsoft emails that claim the company is working on an interactive AI memorial for the Queen.
  • Links in the fake emails lead to a credential-harvesting page that is designed to look like a Microsoft login page.

Proofpoint has identified a new phishing scam that aims to steal people's Microsoft login details. The campaign relies on people's sympathy for Queen Elizabeth II, who recently passed away. Emails that claim to be from Microsoft solicit people's help to create a fictitious "interactive AI memory board in honor of Her Majesty Elizabeth II."

Clicking a link in one of the campaign's emails takes the user to a page that's designed to look like a genuine Microsoft website. In reality, it is a credential-harvesting page with the sole purpose of gathering people's personal data.

The attack utilizes a platform known as EvilProxy, which allows threat actors to bypass multi-factor authentication.

Phishing scams often take advantage of trending topics to trick people. With many companies sharing condolences for Queen Elizabeth II and her family, it's reasonable to think that Microsoft could work on some sort of memorial for her. Unfortunately, these tactics must be at least reasonably successful, or attackers would not continue to use them.

The United Kingdom's National Cyber Security Centre (NCSC) warned of potential phishing attacks following the death of Queen Elizabeth II.

"As with all major events, criminals may seek to exploit the death of Her Majesty the Queen for their own gain. While the NCSC – which is a part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral," said the NCSC on Tuesday, September 13, 2022.

Microsoft has a guide on how to spot phishing campaigns. People should look out for URLs that point to the wrong location, requests for personal information, and generic messages that aren't personally addressed to the recipient. 
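Because the harvesting page is built to look genuine, the link's real destination is the more dependable signal. The sketch below is an added example, not code from Microsoft or Proofpoint: it flags links in an HTML email whose anchor text or host name invokes Microsoft while the destination host is outside an assumed list of trusted domains. The suffix list, the function names and the sample email are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this example treats as genuine Microsoft destinations.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "live.com")

def host_is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Require a dot boundary so 'notmicrosoft.com' does not match.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (text, host) for web links that use the Microsoft name
    but point to a host outside TRUSTED_SUFFIXES."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or host_is_trusted(host):
            continue
        if "microsoft" in text.lower() or "microsoft" in host:
            findings.append((text, host))
    return findings

# Constructed sample email body; the hosts use reserved example domains.
SAMPLE = """<p>Help us build the memory board.</p>
<a href="https://login.microsoft.com.memorial.example/signin">Sign in with Microsoft</a>
<a href="https://www.microsoft.com/en-gb/">Microsoft</a>
<a href="https://news.example.org/story">Read more</a>"""
```

Only the first link in the sample is reported: its host starts with a Microsoft-looking label but actually belongs to a different domain.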

Sean Endicott
News Writer and apps editor
