Microsoft credentials targeted in phishing attack using Queen’s death as lure

New phishing attacks have been using the death of Queen Elizabeth II as lures to facilitate the theft of Microsoft account credentials and multi-factor authentication codes, reports BleepingComputer. Threat actors impersonating Microsoft have been sending phishing emails attempting to bait recipients into helping create a memory board in honor of Queen Elizabeth II, with the button within the message redirecting to a phishing page seeking visitors' Microsoft credentials and MFA codes, a report from Proofpoint's Threat Insight team found. Researchers also noted that authentication tokens for evading MFA have been enabled by attackers' use of the EvilProxy reverse-proxy phishing-as-a-service platform. The report comes after the U.K.'s National Cyber Security Centre issued a warning regarding the mounting risk of phishing attacks and other scams leveraging the Queen's death. "While the NCSC which is a part of GCHQ has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral," said the NCSC.