Curious cybercriminals are taking advantage of the news around the death of Queen Elizabeth II in their phishing attacks. They are luring targets with malicious sites to steal their Microsoft credentials.
What’s happening?
- According to researchers, phishing actors impersonate the Microsoft team and attempt to lure the recipients into adding memos onto an online memory board “In memory of Her Majesty Queen Elizabeth II.”
- The messages inside the spam email have links pointing to a URL redirecting to the credential harvesting page, which can bypass MFA.
- The attackers use Phishing-as-a-Service (PaaS) platform EvilProxy to steal authentication tokens for bypassing MFA.
NCSC warns
The NCSC, U.K, issued a warning regarding an increased risk of cybercriminals abusing the Queen's death for their own advantage in phishing campaigns and fraud.
- The agency urged users to stay alert and watch for fake emails and text messages concerning the death of Her Majesty.
- It has further advised that a person does not require a ticket for the Lying-in-State and they don't need to pay.
Conclusion
Cybercriminals often take advantage of current affairs, such as the death of Her Majesty Queen Elizabeth II, to target their victims. The goal of the attackers is to trick potential victims into visiting a fake website for spreading malware. Thus, users are recommended to be cautious of suspicious emails and messages on social media.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/0fcd_shutterstock_1331092814.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/1fff_shutterstock_1384058498.jpg)
