Phishing alert: Giving your condolences for Queen Elizabeth II can leave your data in the hands of cybercriminals

Cybercriminals are taking advantage of the death of Queen Elizabeth II to launch phishing attacks, specifically these scammers directing users to malicious pages that are designed to steal Microsoft credentials.

Proofpoint (cybersecurity company) has detected fraudulent emails where cybercriminals pose as the Microsoft team to try to deceive recipients, thus getting victims to sign a virtual book of condolences in memory of Elizabeth II.

By clicking on the link included in the phishing, those affected are redirected to a fraudulent page where they are asked to enter their email passwords. In addition to your data at Microsoft, attackers are also trying to steal multi-factor authentication (MFA) codes to gain control of your accounts.

Scam message.Proofpoint

With this scam, cybercriminals use a phishing framework called EvilProxy’  to reverse proxy landing pages to each recipient, harvest credentials, and bypass MFA protection.

The death of Elizabeth II has become a topic of social engineering for scammers, since it only requires the manipulation of the emotional state of users. In this case, the attackers cause a feeling of sadness among the victims, therefore, they create spaces to share comments and memories in honor of the queen with the intention of scamming users.