

Cyber security firm Proofpoint has identified a phishing campaign that uses the death of Queen Elizabeth II as a lure. Their threat insight team revealed that threat actors had created phishing emails pretending to be from Microsoft, asking customers to view an “interactive memory board in honour of Her Majesty Elizabeth II”.

The phishing email asking Microsoft customers to take part in the creation of the “Elizabeth II Memory Board”. Source:

Proofpoint added that the link within the email directs users to a page that harvests Microsoft login credentials, including multi-factor authentication (MFA) tokens. The threat actors can do this with the help of a new phishing-as-a-service platform known as EvilProxy, which lets attackers with limited coding and hacking knowledge craft phishing attacks that bypass MFA.

The discovery of this phishing campaign coincides with a warning from the NCSC about the increased risk of phishing attacks in which criminals exploit Queen Elizabeth II’s death for their own gain. The advisory warns that cybercriminals may use emails, text messages, and other communication platforms (such as social media) to send phishing messages concerning the death of Her Majesty the Queen.


Phishing attacks are one of the methods hackers use most often to gain access to a system or to steal personal information such as bank details and login credentials. To reduce the chances of a phishing attack succeeding, follow these steps:

  • Turn on spam filters and investigate possible anti-phishing solutions. Using systems that detect phishing emails can help prevent these emails from reaching your users.
  • Train colleagues on the signs of a phishing attack, such as looking for misspelt and odd email handles, urgent requests, and bad grammar and spelling.
  • Should a phishing email come into your inbox, notify all colleagues to look out for similar emails. If possible, block the email domain and IP address associated with the malicious email or contact your IT team to do so.
  • Create an atmosphere of trust within your organisation – ask colleagues to report any phishing emails as soon as possible, especially if they have clicked on any links or files within the email.
  • If you receive a phishing message in your personal email inbox or on your personal phone number, you can help stop the campaign by reporting the message. The National Cyber Security Centre has a phishing email reporting system and a phishing text message reporting system. Emails can be reported to them by forwarding the message to [email protected], and text messages can be reported by forwarding the message to the number 7726. The NCSC also has advice on what to do if you think you have fallen for a phishing attack, which you can find here.
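
To illustrate the first two steps, here is an added example (not code from Proofpoint or the NCSC) of a mail-triage check for the pattern this campaign relies on: a message that presents itself as Microsoft while its sender domain or links sit outside Microsoft's domains. The trusted-domain list, the function names and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your organisation accepts as genuine Microsoft senders/links.
TRUSTED = {"microsoft.com", "office.com", "microsoftonline.com"}
BRAND = re.compile(r"microsoft|office\s*365", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def text_of(msg):
    """Concatenate the decoded text parts of a message."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def triage(raw):
    """Return the reasons a message looks like Microsoft impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if not (BRAND.search(display) or BRAND.search(msg.get("Subject", ""))):
        return []  # message does not claim the brand, nothing to compare
    reasons = []
    if not in_trusted(domain):
        reasons.append(f"claims Microsoft but sent from {domain}")
    for host in sorted({urlparse(u).hostname or "" for u in URL.findall(text_of(msg))}):
        if not in_trusted(host):
            reasons.append(f"link points outside trusted domains: {host}")
    return reasons

# Constructed samples (not taken from the real campaign).
LURE = ('From: "Microsoft Team" <memorial@ms-tribute.example>\n'
        "Subject: Elizabeth II Memory Board\n\n"
        "Add your tribute: https://board.ms-tribute.example/signin\n")
GENUINE = ('From: "Microsoft account team" <no-reply@microsoft.com>\n'
           "Subject: Sign-in summary\n\n"
           "Review activity: https://account.microsoft.com/activity\n")

if __name__ == "__main__":
    print("LURE", triage(LURE), "GENUINE", triage(GENUINE))
```

A check like this complements spam filtering rather than replacing it: it only catches messages that name the brand, and a lookalike domain added to the trusted list by mistake defeats it.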
