Proofpoint yesterday revealed an email spoofed to appear as if sent from Vole with the headline of “In Memory of Her Majesty Queen Elizabeth II.”
It claimed that Microsoft is launching an “interactive AI memory board” in her honour and needed “the users to help make it work.”
To take part in the ‘Elizabeth II Memory Board’ the recipient is urged to click on a button embedded in the email, which will take them to a page prompting them to enter their email credentials. It also features a capability to bypass multi-factor authentication (MFA).
“EvilProxy is a #MITM [man-in-the-middle] phishing framework that uses a reverse proxy to customize landing pages for each recipient and collect credentials and bypass #MFA protection,” Proofpoint said of the infrastructure used to deploy the campaign.
“The kit is relatively new and is available for sale on exploit forums.”
Sherrod DeGrippo, VP of threat research and detection at Proofpoint, pointed out that every time there is a disaster or world even some threat actor tries to put out a spoof email hoping users will fall for it.
Clearly, the threat actor thought that British people would be grieved, concerned or sad by the Queen’s death and would want to go to a place to share memories and comments. They do not seem aware that is not how Brits do things. Brits who might want those sorts of services are unlikely to have ever touched anything more computerised than a telly remote control to turn up the volume when Bake off is on.
Besides even Microsoft could create a user group if it wanted and would not require help from the technologically challenged.