Royal Phishing, ruthless cybercriminals ready to exploit the death of Queen Elizabeth II

by admin

The death of Queen Elizabeth II has attracted the attention of the media and internet users from all over the world who, intrigued, search online for information and curiosities about the royal house.

Widespread curiosity and a lack of threat awareness among online users combine to create the conditions for a perfect storm: cybercriminals as well as nation-state actors are ready to exploit the event for their own attacks.

We had been expecting news of attacks from the very first moments in which rumors circulated about the Queen’s worsening condition, and, albeit with a little delay, the offensives duly began.

Among the first to spot the attacks were Proofpoint researchers, who discovered a phishing campaign that uses Queen Elizabeth II’s death as a lure.

The targets of the campaign identified by Proofpoint are Microsoft users. The cybercriminals designed the campaign to trick recipients into visiting phishing sites built specifically to steal Microsoft account credentials and even the codes used as a second authentication factor (MFA codes).

The messages in this phishing campaign appear to come from Microsoft and invite recipients to take part in an “initiative that uses artificial intelligence” in honor of Queen Elizabeth II.

The content of the message informs recipients that Microsoft is creating a kind of interactive whiteboard based on artificial intelligence in honor of Her Majesty Queen Elizabeth II and invites them to contribute to its creation.

Obviously, to access this initiative, users must use their Microsoft account credentials to authenticate themselves through a fake login page.

The body of the email contains a button; recipients who click it are redirected to the phishing page, where they are asked to enter their Microsoft credentials.

Another element of interest in this campaign is the use of a new-generation phishing kit known as EvilProxy. A phishing kit allows cybercriminals, upon payment of a subscription fee to the service, to generate and use phishing emails designed to steal recipients’ credentials. These kits have templates to target users of major web services, including Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex, and others.

These kits are simple to use and do not require specific skills to organize a complex phishing campaign. For this reason they represent a serious threat: they are, in effect, an enabler for this type of criminal practice.

EvilProxy is also able to steal victims’ MFA codes, that is, the codes in use when the user has enabled multi-factor authentication to protect their account.

Complicating the scenario is the availability of this phishing service (Phishing-as-a-Service) through numerous hacking and cybercrime forums.

The phishing campaign relating to the death of Queen Elizabeth II should therefore not surprise us and should be a warning to online users. Similar operations will be observed in the future in conjunction with events of high media interest.

Do you want an example?

Imagine for a moment that you are a cybercriminal and want to benefit from the media attention related to the upcoming Italian political elections. You could hire a phishing service like EvilProxy and set up your campaign for a few hundred dollars.

It would be sufficient to create ad hoc content to attract the attention of recipients, for example by offering previews of the results of the vote or by sharing malicious links and documents that claim to contain evidence of electoral fraud.

Rest assured that large numbers of recipients will visit your malicious links or open attachments designed to infect victims’ systems.

In conclusion, pay attention to unsolicited email messages, especially those that claim to offer you information relating to events of public interest; you could run into unpleasant surprises.
