A new heinous online scam steals sensitive data like passwords from users by pretending to be from Microsoft and asking them to write a tribute in memory of Queen Elizabeth II. Know how to avoid it.
Cold-hearted criminals take any opportunity they can, even the most tragic ones, and turn it to their own advantage. A group of hackers has now exploited the death of Queen Elizabeth II to steal innocent victims' sensitive data. These scammers have been running an email-based online scam in which the victim receives an email that pretends to be from Microsoft. The email asks people to write a message to the Queen by logging into their Microsoft account. However, clicking the button to log in takes you to a credential harvesting page, which steals your login details and exposes any sensitive information held in the account. Do not fall for this malicious threat. Know how it is being conducted and how you can protect yourself.
Scammers use the death of Queen Elizabeth II to pull off an online scam
The online scam was first identified by Proofpoint, a security software company. It tweeted, “Researchers from Proofpoint’s @threatinsight team have found that threat actors are using the passing of Queen Elizabeth II as bait in #phishing attacks”.
The Threat Insight Twitter account offered a detailed explanation of what was happening. According to them, it was a credential phishing campaign over email that pretended to be from Microsoft and invited recipients to an “artificial technology hub” in her honor. The message claimed that Microsoft was “launching an interactive AI memory board in honor of Her Majesty Elizabeth II” and asked the users to write messages for the Queen.
However, once they clicked on the action button on the page, something far more sinister would happen. “Messages contained links to a URL redirecting credential harvesting page targeting Microsoft email credentials including MFA collection. The actor used the #EvilProxy phish kit,” explained the tweet from Threat Insight.
As a result, the scammers have obtained thousands of account details and passwords, which also gives them access to any personal and financial information contained within those Microsoft accounts. Further, if the user has used the same password for other accounts, those accounts might get compromised as well.
To protect yourself from such online scams, follow these rules.
How to protect yourself from online scams
- Always check the sender of the email. Most often there will be a spelling error in the name, as the scammers cannot copy the official domain of a large organization like Microsoft.
- Fake emails usually also contain typos, grammatical errors and similar mistakes, which are a clear giveaway that the message has not come from an authentic source.
- If you have fallen for a similar scam, immediately change the password of the account. Also, change the password for any account where you have used the same password.
- Companies do not send out emails asking people for sensitive information, so always be suspicious of such emails.
- If you suspect foul play, never hesitate to reach out to the real company and inquire about the correspondence.
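The sender check from the first rule can be automated in a mail filter. The following is an added example, not code from Proofpoint or Microsoft: the trusted-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains this mailbox accepts as genuine Microsoft senders.
TRUSTED = {"microsoft.com", "outlook.com"}
BRAND = "microsoft"

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Simplification: take the last two labels (wrong for suffixes like co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(raw_message):
    """Classify the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    domain = registered_domain(host)
    if domain in TRUSTED:
        # Not proof of authenticity: From can be forged, so a gateway
        # should also require passing SPF/DKIM/DMARC results.
        return "trusted-domain"
    if 0 < edit_distance(domain.split(".")[0], BRAND) <= 2:
        return "lookalike-domain"   # e.g. a one-character misspelling
    if BRAND in name.lower() or BRAND in host:
        return "brand-mismatch"     # claims the brand, sent from elsewhere
    return "unrelated"

# Constructed sample messages (not taken from the real campaign).
SAMPLES = {
    "genuine": 'From: "Microsoft" <no-reply@microsoft.com>\n\nHello',
    "typo": 'From: "Microsoft Memory Board" <tribute@micros0ft.com>\n\nHello',
    "display": 'From: "Microsoft Account Team" <notice@mail.example.net>\n\nHello',
    "other": 'From: "Alice" <alice@example.org>\n\nHello',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_sender(raw))
```

Anything other than `trusted-domain` on a message that presents itself as Microsoft is a reason to quarantine it or verify with the real company before clicking.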