Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials

Cybercriminals were quick to exploit the passing of Britain's longest-reigning monarch, Queen Elizabeth II.

On Sept. 12, just four days after the death of Her Majesty the Queen, Bitdefender telemetry picked up a wave of fraudulent messages aimed at stealing Microsoft credentials under the guise of an “AI memory board” in her honor.

Upon accessing the embedded link, users were directed to a fake Microsoft landing page that would harvest Microsoft credentials from unwary users.

Subject lines vary and include:

• Be part of our AI hub in honor of Queen Elizabeth II
• Be part of our AI hub in honour of her Majesty Queen Elizabeth II
• Be part of our AI hub in memory of Queen Elizabeth II
• Be part of our AI space in honor of her Majesty Queen Elizabeth II
• Be part of our AI technologies space in memory of her Majesty Queen Elizabeth II
• Join our AI hub in honor of Queen Elizabeth II
• Join our artificial intelligence technology space in memory of her Majesty Queen Elizabeth II

Although the campaign had a global outreach, spammers had a clear focus, with phishing emails targeting the US, UK, Ireland, Germany, Sweden and South Korea.

According to the latest analysis from Bitdefender Labs, the phishing campaign was short-lived, with traffic to fraudulent webpages disappearing within two days of detection.  Phishing campaigns are often cut short to try to evade antispam filters, and although the webpages are no longer active, cyberthieves could experiment with similar ruses to deceive recipients.

The UK’s National Cyber Security Centre has also warned about potential scams and phishing attacks during the national period of mourning.

The agency advises users to remain cautious and scrutinize unsolicited emails, text messages, and other communications regarding funeral arrangements and participation at Her Majesty The Queen’s Lying-in-State at the Palace of Westminster.