NCSC warns about Queen-related phishing scams

Evidence of credential theft leveraging the Queen's death has already been spotted in the wild

Pay attention to emails, texts, and other communications on the Queen's passing and funeral arrangements

The National Cyber Security Centre (NCSC) has warned the general public about potential phishing scams during the period of national mourning following the death of Queen Elizabeth II.

The organisation, a branch of GCHQ, warned that a spike in phishing emails and other online scams was likely over the coming days.

Phishing refers to the practice wherein cybercriminals defraud victims by sending them fraudulent emails, text messages, or phone calls.

Typically, the objective is to trick people into visiting a website that will either infect their computer with malware or steal their financial information or other personal data.

Queen Elizabeth II passed away last Friday at the age of 96, after a 70-year reign.

According to the NCSC, the historically significant event may have attracted the attention of cybercriminal groups looking to distribute phishing emails and other scams.

'As with all major events, criminals may seek to exploit the death of Her Majesty the Queen for their own gain,' the agency said.

Cybercriminals often use victims' emotions to get them to click on a phishing email.

Although the agency hasn't yet seen much evidence of increased scams, the public should be aware of the possibility and pay more attention to emails, texts, and other communications that focus on the Queen's passing and funeral arrangements.

Many past phishing schemes have focused on offering a paid service that is actually free, and the NCSC pointed out that people do not need a ticket to attend the Lying-in-State.

Other tactics may include promising non-existent discounts on bus, rail, and hotel accommodations for visitors to London.

The NCSC is urging the general public to visit the Government's website, gov.uk, for official information regarding the arrangements made following the death of Her Majesty, including instructions for attending the Lying-in-State.

Hackers use Queen's death for credential theft

Following the NCSC's guidance, Proofpoint researchers have warned that cybercriminals are using the Queen's death as bait in phishing attacks to steal users' Microsoft credentials.

A snapshot shared by Proofpoint showed a bogus email that appeared to have been sent by Microsoft employees.

The message, with the headline 'In Memory of Her Majesty Queen Elizabeth II,' claimed Microsoft was creating an 'interactive AI memory board' in honour of the Queen and required 'the assistance of our users' to make it work.

The email asked the recipient to click a button in the message, which would lead them to a website inviting them to enter their email credentials to participate in the 'Elizabeth II Memory Board.'

Proofpoint researchers cautioned that the scam had the capability to bypass multi-factor authentication (MFA).