Security Awareness – Threat Actors Exploiting Death of Queen Elizabeth to Steal Credentials and MFA Codes

Threat actors are exploiting the death of Queen Elizabeth II in brand impersonation phishing attacks to steal victims’ Microsoft account credentials, according to security researchers at Proofpoint. The phishing email purports to be from Microsoft and invites recipients to an “artificial technology hub” in the Queen’s honor. The social engineering tactic includes baiting the recipient to open the link so they can sign an online memory board in honor of the Queen. After clicking the link, victims are sent to a phishing landing page where they are prompted to enter their Microsoft credentials. The threat actors also attempt to steal MFA codes. Notably, the attackers are utilizing a new reverse-proxy Phishing-as-a-Service (PaaS) platform known as EvilProxy, which allows low-skill threat actors to steal authentication tokens to bypass MFA. To defend against this activity, members are reminded to always screen suspicious emails carefully and never click on a link or attachment before verifying the legitimacy of the message with the sender first. Read more at BleepingComputer.