Following the death of the longest serving monarchy of the UK, Her Majesty the Queen on 8th September many people have been going online to follow the story of her life as it continues to unfold. Many people have also signed condolences books set across the globe to give honor and condolences to the bereaved loyal family, and since we are living in more advanced times, online users have also been using different sites to share their memories of the Queen and to give her honor.
But not all sites are legal or above board because it has been noted that some online attackers or cyber thieves have taken the opportunity to use the mourning period to steal people’s Microsoft credentials. The cyber thieves may use this chance to take over your account, steal your personal information, and also steal your multi-factor authentication (MFA) codes which will probably make it easy for them to launch other online attacks.
The recent attack on Microsoft users was discovered by researchers at a security company called ProofPoint after they had detected fraudulent emails, several days following the announcement that the Queen had passed away. The emails were inviting people to be part of other global users honoring the memory of the Queen. The company then shared the email that was created to appear as if it had been sent from a Microsoft team and was created to tempt people into signing an online memorial book but only doing so after logging into their Microsoft account.
Users who followed directions given in the email unknowingly took part in a phishing campaign that had been created to steal their credentials. Apart from sharing the snapshot of the phishing email, Proofpoint also gave a warning on the hacker’s ability to go around multi-factor authentication (MFA) which is a method of authentication that verifies a user to allow access to their personal accounts but also provides a layer of security for applications and devices being used. If hackers can go around this security level then they can easily cyber attack users online.
The hackers were using phishing emails targeting Microsoft users across the globe but with a larger focus on users in the UK, US, Germany Ireland, South Korea, and Sweden and it all started with messages luring people to fake landing sites that were created under the pretext of an “AI memory board” for the Queen. The message indicated that Microsoft was creating a virtual board devoted to the Queen and users were being invited to assist and support its completion by sharing their memories and stories related to the Queen.
Participants were then told to get more information on the project through their personal Microsoft account via a link that was in the message or by clicking on several click buttons included in the email. If a user managed to click on any of the links, they were redirected to a landing page that the hackers had created and they were then able to harvest the email credentials of any user who had logged in using the link. With a lot of people eager to share their feelings about the Queens’s death and stories that they have of her or may have heard, the hackers aimed at using emotional manipulation to get their way.
While some may not have fallen for the trick to add their own personal memory to an online intelligence board, by using this mourning period to exploit people’s sorrow, the hackers managed to get the credentials of a few unsuspecting users.
The phishing campaign has however been stopped for now and in the UK online users have been advised by The National Cyber Security Centre (NCSC) to remain alert and to take caution when opening or reading emails, messages, or other online communications related to news about arrangements for Her Majesty’s funeral.
There is a high possibility that other phishing attacks and scams may happen during this mourning period or after and may not only target email or user credentials but personal information or bank details. Phishing activities may also leave your computer infected with malware.
On its Twitter account, NCSC has also provided phishing guidance plus updates for Phishing activities to keep people on alert and has encouraged people to stay updated through the UK’s official government website gov.uk for all arrangements related to the funeral. This is to avoid people being scammed to pay for entry to the funeral, for other services related that the government is offering for free, or for nonexisting things such as hotels or busses.
It also acknowledged that “As with all major events, criminals may seek to exploit the death of Her Majesty the Queen for their own gain’, NCSC UK. In answering about the threat of online scammers and hackers and the recent attack, The National Cyber Security Centre said “While the NCSC – which is part of GCHQ – has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral,”.
But with the UK’s National Cyber Security Centre alerted about these threats and other potential ones, attacks may likely die before they reach the full potential hackers plan them for. And with people on alert, cyber-attacks may be limited during this trying time for the UK and its people.
All online users are being encouraged to keep an eye out for online interactions that request them to send personal information. Any unsolicited emails or any other emails that you may receive asking you to click on links or buttons, or emails asking you to enter your personal credentials must be dealt with caution as always but more especially now with online criminals taking advantage of the national mourning period in the UK.