Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials.

Apart from Microsoft account details, attackers also attempt to steal multi-factor authentication (MFA) codes from their victims to take control of their accounts.

“Messages purporting to be from Microsoft and invited recipients to an ‘Artificial Technology Center’ in its honor,” Proofpoint’s Threat Insight team said. revealed today.

In the campaign spotted by Proofpoint, phishers pose as “the Microsoft team” and attempt to trick recipients into adding their memo to an online memo board “in memory of Her Majesty Queen Elizabeth II “.

After clicking a button embedded in the phishing email, targets are instead sent to a phishing landing page where they are first prompted to enter their Microsoft credentials.

“The messages contained links to a URL redirect credential collection page targeting Microsoft email credentials, including MFA collection,” Proofpoint added.

Attackers are using a new Phishing-as-a-Service (PaaS) reverse-proxy platform known as EvilProxy promoted on clearnet and dark web hacking forums, allowing low-skilled hackers to steal authentication tokens to circumvent MFA.

UK National Cyber ​​Security Center warned tuesday about an increased risk of cybercriminals exploiting the Queen’s death for their own gain in phishing campaigns and other scams.

“While the NCSC – part of GCHQ – has yet to see substantial evidence of this, as always you should be aware that this is a possibility and be alert to emails, text messages and other communications regarding the death of Her Majesty the Queen and preparations for her funeral,” the NCSC said.

Although this malicious activity appears to be limited, the NCSC has witnessed such phishing attacks and is currently investigating them.

Our phishing tips can help you avoid potential national mourning scams https://t.co/bnrJBGqaJ6

— NCSC UK (@NCSC) September 13, 2022

Sources also told BleepingComputer that the NCSC is aware of phishing messages where attackers attempt to trick potential victims into handing over sensitive information, including banking details.

“Cybercriminals often play on your emotions to get you to click, and may also refer to high-profile news events,” the agency added.

“The goal is often to get you to visit a website, which may download a virus to your computer, or steal bank details or other personal information.”