NCSC warns public of potential Queen-related phishing attacks

The death last week of Queen Elizabeth II at the age of 96, following a 70-year reign, has drawn global attention and may yet draw the focus of cyber criminal elements exploiting the historically significant event to spread phishing emails and other scams, according to the National Cyber Security Centre (NCSC).

The NCSC, part of GCHQ, has issued public cyber guidance for the current period of national mourning, saying that during the coming weeks there may be an increase in incidents linked in some way to the Queen.

The NCSC said cyber criminals will often play on people’s emotions to get their targets to click on a scam email – a tactic known as social engineering – and with many people profoundly affected by the death of the Queen, they may take this opportunity to do just that.

“As with all major events, criminals may seek to exploit the death of Her Majesty the Queen for their own gain,” the agency said.

“While the NCSC has not yet seen extensive evidence of this, as ever you should be aware it is a possibility and be attentive to emails, text messages, and other communications concerning the death of Her Majesty the Queen and arrangements for her funeral.”

Since many historical phishing scams have centred on offering a paid service that is free in reality, the NCSC pointed out that you do not need a ticket to attend the Lying-in-State and nor do you have to pay to attend.

Other tactics may include offering non-existent deals on train and coach tickets or hotel accommodation for people travelling to London.

In general, it is good practice to be suspicious of any unsolicited email you receive, even if it appears entirely genuine at first glance. Phishing emails can be exceptionally well crafted, spoofing well-known organisations and brands down to the finest detail, and therefore hard to spot.

However, there are some common signs of a scam you can look out for to make yourself harder to victimise. Be vigilant if receiving messages claiming to be from an official source, such as your bank, GP, a solicitor, or a government body. Watch out for messages giving you a limited timeframe to respond – cyber criminals will often try to threaten you with fines. Messages that play on your emotions, inducing a sense of panic or fear, or even curiosity, may be suspicious, as may messages that offer you something scarce or a deal that seems somehow too good to be true.

If an email appears to originate from your bank, it is important to remember that financial services organisations will never ask you to supply personal information via email, or call you and ask you to confirm your bank details.

If you are in any doubt about the legitimacy of an email, contact the alleged sender directly but do not use any numbers or addresses in the email – search for the organisation online and contact it directly using the details on its website.

Additionally, the NCSC operates a phishing email reporting service, which can be reached by forwarding any suspicious emails to [email protected]. As of 31 July 2022, over 13 million emails have been reported, and over 91,000 scams across 167,000 URLs have been removed.

The NCSC is unable to provide information on the outcome of its review, but the agency does act on every email it receives, analysing the content and any websites it links to.

There are a number of actions it takes if it uncovers malicious activity. It may, for example, seek to block the address the email came from and work with website hosting companies to remove malicious websites. If it receives multiple reports of identical or similar emails indicative of a broader campaign, it may also seek to raise wider awareness of these with the help of its partners.

However, this address must not be used to report a suspected crime or if you have fallen victim to fraud or cyber crime. In such instances, you should contact Action Fraud via its website or by calling 0300 123 2040 if you live in England, Northern Ireland or Wales, or Police Scotland on 101 if you live in Scotland.

Official information about the arrangements and protocols following the Queen’s death can be found here.