The death of Queen Elizabeth II has more than just political implications. The cybersecurity realm has also been hit, as evidenced by this new hack campaign based on the death of a sovereign to steal British Microsoft IDs. Posing as a Redmond firm, the hackers invite their target to post a message in his honor on a scam site.
While the death of Queen Elizabeth II continues to ignite passions and heated debates online, some are taking advantage of the situation to steal personal data. Indeed, some see this as a great opportunity to impersonate Microsoft and, with a relaxed vigilance, encourage their victims to bequeath their identities. To do this, they use an old phishing technique.
It all starts with an email sent by Microsoft teams. Inside, the company left the opportunity for victims to leave a message in memory of the queen on a special website. Of course, the site in question is designed specifically to recover the passwords of those who have been deceived. As soon as the Internet user tries to write the specified message, he is asked to connect to his Microsoft account.
On the subject: Europe and the United States openly accuse China of hacking Microsoft Exchange
The death of Elizabeth II prompted the pirates to attack
“The messages contained links to a credential collection page redirecting to a URL targeting Microsoft email credentials, including a set of multiple authentication codes,” said Proofpoint, which discovered the attack. On Tuesday, September 13, the British National Cybersecurity Center (NCSC) was quick to heed the warning about increased online risks.
“Although the NCSC […] have not yet seen detailed evidence of this, you should, as always, be aware that this is possible and be alert to emails, text messages and other communications regarding the death of Her Majesty the Queen and the arrangements made for his funeral.” reported to the NSC. The latter thus warns against attacks based on a strong emotional component to lower the vigilance of the victims.