The death of the British Monarch Queen Elizabeth II was a truly global event. One of the most recognizable humans on Earth, The TV broadcast of the Queen’s funeral was watched by an estimated 5 billion people worldwide. Her death has deeply affected people in the United Kingdom, the Commonwealth and in many other countries besides.

But as with any major world event, scammers were quick to hijack the mourning period as a way to steal personal data.

Compromising Microsoft accounts

This new attack has been designed to steal Microsoft account details from victims, and it works like this:

  • Scammers email a list of potential victims. The message invites recipients to an “Artificial Intelligence memory board” created in memory of the Queen.
  • The victim is encouraged to click a button that will allow them to learn more about the memory board.
  • After clicking, the victim is directed to what looks like a Microsoft website. They are then asked to login using their Microsoft username and password.

Because the website is fake, the hackers now have the victim’s login credentials.

Download Panda Essential

Defeating multi-factor authentication (MFA)

Although risky, username and password are not always enough to break into someone’s Microsoft account. In most cases they are protected by a second layer of protection called ‘multi-factor authentication’. To gain access to the account, account holders must enter their username, password and a code that is sent by SMS to their cellphone.

However, this Queen-inspired scam has been designed to allow scammers to get round MFA too. Using a tool called EvilProxy, the cybercriminals are also able to capture the MFA token that accompanies their victim’s login credentials.

Once they have the username, password and MFA token, they are able to take complete control of the user’s Microsoft account. Hackers can read email, access files stored in OneDrive and use the account to commit identity theft or fraud.

Be on your guard during emotional times

Commenting on this particular attack, a spokesperson for the United Kingdom’s National Cyber Security Centre said:

“Cyber criminals often play on your emotions to get you to click and may also refer to high profile current events. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details or other personal information.”

Phishing is an incredibly common (and effective) tactic for stealing passwords, so you should treat any unexpected email with some degree of suspicion. However, at times of national tragedy or crisis, cybercriminals are always ready to take advantage. You should think very carefully before responding to these kinds of emails – particularly when emotions are involved.

In the meantime, if you do want to send a message of condolence to the British Royal Family, you can do so on the Royal Household’s official website here.