Recent weeks have seen the world paying tribute to Queen Elizabeth II following her death. For people working in information security, it is likely not a surprise that hackers are leveraging such a tragedy to trick users into becoming victims. For other people, however, this malicious attack may catch them completely off guard. Let’s take a look at the inner workings of this scam and how users can protect themselves by following security best practices.
What Does this Microsoft Online Scam Involve?
Like many popular online scams, this attack takes the form of a phishing attack. Phishing attacks typically attempt to trick users into providing sensitive information by impersonating a trusted source. In this case, the trusted source is none other than Microsoft.
Targeted victims of this online scam receive e-mails purporting to be from Microsoft. The e-mail is carefully designed to mirror the look of typical e-mails from the company. Users are told that Microsoft is creating an AI-driven memory wall for Queen Elizabeth II and are asked to log into their Microsoft account in order to write a message in honor of the monarch.
However, instead of leading to the Microsoft login page, the e-mail’s link sends users to a fake login page that gives the hackers access to the user’s Microsoft login credentials and multi-factor authentication. This circumvents multiple security measures and can be incredibly problematic for users exposed to this attack.
What This Online Scam Means for Users
There are a number of problems that can occur when users fall for this online scam. The most obvious is that the hackers will have access to your Microsoft account and the information contained within it, including potential financial information. They could misuse this information or sell it on the black market to others.
However, this phishing attack can also cause wider problems for users who do not follow password best practices. If someone falls victim to this attack and also reuses the same password across multiple sites, this can expose far more of their protected personal information to scammers.
In other words, if you also use your Microsoft password for your online banking, this can leave your banking data at risk of being breached. Scammers will typically attempt to use exposed passwords at a number of known places in the hopes of getting access to more of your personal data and increasing the impact of the initial breach.
What Should I Do About this Online Scam?
If you have fallen victim to the Queen Elizabeth memorial scam, you should immediately change your Microsoft password as well as the password on any other accounts that used the same one. This will help mitigate further damage. The next important step is to assess what information could have been stolen.
For example, if you do not have any financial information on your Microsoft account and did not reuse passwords anywhere, you may have escaped this situation without encountering a major problem. However, if you do have sensitive information like credit card numbers stored on your account and you were tricked by this scam, you should contact your financial company’s customer support.
How Do I Prevent Becoming a Victim of a Similar Scam?
Now that you know to be on the lookout for a potential scam seeking to take advantage of Queen Elizabeth II’s death, you likely won’t have to worry about becoming a victim. However, what about similar types of phishing scams in the future? Luckily, there are several things to consider in order to protect your sensitive information.
First, it is a standard practice for companies to never request sensitive information via e-mail. If you receive an e-mail asking for personal information, this should raise a red flag. If you aren’t sure if an e-mail is legitimate, you can always directly contact the company (do not reply to the suspicious e-mail) to confirm.
There are also some things that commonly give away that an e-mail is a phishing attempt from an imposter. The e-mails often have spelling mistakes or are written in odd-sounding language in places. Additionally, if you check the sender’s e-mail address, you will generally see that it did not come from the domain of the organization it is trying to impersonate. These are some basic things to check when it comes to suspicious e-mails.
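The sender-domain check above, together with a check of where the e-mail's links actually lead, can be automated. The following is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short, non-exhaustive list of Microsoft-owned domains.
TRUSTED = {"microsoft.com", "microsoftonline.com", "live.com"}

def in_trusted(host):
    """True only for a trusted domain itself or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host)

def check_message(raw, brand="microsoft"):
    """Return a list of findings for a message that claims to be from `brand`."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2]
    findings = []
    if brand in display.lower() and not in_trusted(domain):
        findings.append(f"display name claims {brand}, sender domain is {domain}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkHosts()
        parser.feed(body.get_content())
        findings += [f"link points to untrusted host {h}"
                     for h in parser.hosts if not in_trusted(h)]
    return findings

# Constructed sample message; the .example hosts are placeholders, not real indicators.
SAMPLE = """\
From: Microsoft Team <memorial@ms-tribute.example>
Subject: Memory wall for Queen Elizabeth II
Content-Type: text/html; charset="utf-8"

<p>Sign in with your Microsoft account to leave a message.</p>
<a href="https://login.ms-tribute.example/signin">Sign in</a>
<a href="https://www.microsoft.com/privacy">Privacy</a>
"""
```

An empty result is not proof that a message is legitimate, since the From header itself can be forged; the script only automates the two visual checks described above.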
The online world is full of different types of threats as bad actors try to trick users into exposing their personal information. Staying up to date on phishing scams and knowing some things to look for in order to evaluate the authenticity of an e-mail are important skills for effective cyber safety.