Britain’s National Cyber Security Centre (NCSC) has urged users to be alert to phishing attacks exploiting the death and funeral of the Queen of England. The first large-scale fraud campaign has already been observed, arriving in mailboxes in emails that purport to come from Microsoft.
The death of Queen Elizabeth II at the age of 96, after a 70-year reign, has drawn global attention, and with it the focus of cybercriminals. Tricksters are always ready to use any historically significant event to spread phishing emails and other kinds of fraud, the UK’s NCSC warned.
Each day on which the Queen’s casket lies in state, as well as the day of her funeral, is a prime occasion for such attempts, and on these days and in the coming weeks there could be an increase in cyber incidents exploiting the sad occasion.
According to experts, cybercriminals often play on people’s emotions to achieve their goals – for example, getting gullible victims to click on a fraudulent email. The tactic is known as “social engineering”.
“As with all major events, criminals may seek to use the death of Her Majesty the Queen for their own benefit,” the agency said. It warned that people should be wary of emails, text messages and other communications regarding the death of Her Majesty the Queen and of offers relating to her funeral.
Because many phishing scams in such situations offer a fraudulent paid service, everyone should be aware that no one needs a ticket to attend or watch the funeral. Other tactics may include offering non-existent ‘super-deals’ on train tickets, bus tickets or hotel accommodation for those traveling to London.
Phishing emails can be extremely well-crafted, successfully impersonating well-known organizations and brands down to the finest detail, and are therefore difficult to recognize as fraudulent, experts warn.
However, there are some common signs of a scam that people should watch out for so they don’t fall victim easily. “Be alert if you receive messages claiming to be from an official source, such as your bank, GP, solicitor or government authority,” experts warn.
“Watch out for messages that give you a limited time to respond – cybercriminals often try to intimidate with short response times. Messages that evoke emotions—feelings of panic or fear, or even curiosity—may be suspicious. The same goes for messages that offer something scarce or a ‘super-deal’ that somehow seems too good to be true,” they added.
Almost simultaneously with the NCSC’s warning, the Windows Central portal reported that a large-scale scam campaign has already been detected that uses the death of Queen Elizabeth II in an attempt to “capture” login credentials for Microsoft accounts. The scam is based on emails that purport to be from Microsoft and claim that the company is working on creating an “interactive AI memorial for the Queen”.
The emails invite people to help create the fictitious artificial intelligence memorial in honor of Her Majesty Elizabeth II. The links embedded in the emails direct users to a page that is designed to look like a real Microsoft website. However, the page captures the credentials entered, and its sole purpose is to collect people’s personal data.
The attack uses a platform known as EvilProxy that allows threat actors to bypass multi-factor authentication.
At the same time, Twitter is swarming with accounts posing as “official pages” of Buckingham Palace and offering tickets to the Queen’s funeral, the Sun reported. The messages contain fraudulent images that lead to a web page requesting the bank details of interested visitors.
Another hoax is being circulated by email and claims that the Queen has bequeathed a huge sum to be distributed among the people of the world and that everyone should receive a certain amount. Users are asked to enter their bank card details to “get their share”.
Recipients of suspicious emails can report scams to the appropriate government authorities responsible for cybersecurity. For Bulgaria, this authority is CERT.bg.