Royal Brexit bitcoin phishing hoax hits British mailboxes

Fraudsters deploy an old-school method in an attempt to outfox a tech CEO

Hacker behind a computer against the EU flag to depict Brexit

A new cryptocurrency phishing scam has been circulating in Britons' mailboxes this week with letters purporting to be from the Queen asking for cryptocurrency to maintain the UK's economic stability after Brexit.

The letter was received by Paul Ridden, CEO at Smarttask, a UK tech firm specialising in cloud-based mobile workforce management products and services. The authors of the letter asked for sums of bitcoin between 450,000 and 2,000,000 to be deposited into a supplied wallet address.

The authors claimed "to save and sustain our economy after Brexit, we must pay the European Union 19 billions", and while they have 82% of the funds already, they were appealing to the public for the rest by 19 October.

According to the letter, this isn't the first time Queen Elizabeth II has appealed to the British public in order to save the economy. It's apparently the second time in 30 years she has made such an appeal and she made it to a highly cyber aware 'victim'.

The letter sent to Paul Ridden

"When it Arrived it made me chuckle as [phishing attempts] don't usually come on paper," said Ridden to IT Pro. "What made me chuckle about was how poor the English was... it's another attempt but it's a poor attempt.

"I think it's an attempt to be different. In a corporate world, one of the things we're always trying to protect against is these social engineering attacks and I guess coming in on paper, it's perhaps trying to come through a door that's not protected.

"So, I wouldn't generally expect that to come that way. As a tech firm ourselves, we're reasonably aware of what's going on and very protective of the company's finances. So, nobody's going to be sending any Bitcoin off to them."

Before listing the bitcoin wallet address the hoax authors asked to remain anonymous as by going viral, it "could affect the agreements we have in order to obtain the bilateral agreement".

Ironically, the letter did end up going semi-viral on LinkedIn thanks to Ridden's post which garnered thousands of interactions in just a few days.

When asked, Ridden said he wasn't aware of any other recipient to have received the same letter, but questioned "does anyone really fall for this", in the original social media post.

"As a technology firm data security is really important to us, so things like this, whilst we've extracted human this exercise, it's a lesson for us all to be vigilant, whether that's pieces of paper turning up on our desks or people phoning in and pretending to be other people. So, I think in this connected world we live in, that security is really high on our agenda."

Related Resource

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

IT Pro contacted the press office at Buckingham Palace but it declined to comment.

Modern phishing attacks tend to exploit absent cyber awareness, typically taking form as an email due to the ease with which they can be sent to many recipients.

The industry has seen phishing attacks become much more sophisticated in recent years and they target different demographics, from TV license holders to C-suite executives. Google has even released its own online cyber awareness course for young people which gamifies education on how to spot a phishing attempt online.

"This is an interesting spin on a phishing attempt coming in via post," said Javvad Malik, security awareness advocate at KnowBe4 to IT Pro. "From an awareness perspective, this scam bears all the same features of an email phish. There are some grammatical errors and inconsistencies in how a real letter from the Queen would read. Beyond that, the mail tries to instil a sense of urgency as well as promising high rewards.

"People should be aware that scammers will use any means at their disposal in an attempt to swindle money. Particularly where there is a major event such as a natural disaster, sporting event, or a political event like Brexit, they will jump on the bandwagon to try and exploit it as much as possible."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021