As Queen Elizabeth II is laid to rest, the country looks ahead to the reign of a new monarch, King Charles III.
Despite days of mourning and a state funeral watched by millions, apparently fraudsters reckon they can trick people out of money by pretending the Queen is still alive.
A screengrab of the attempted con has been posted to Twitter by the account UberFacts.
It consists of an Instagram direct message purportedly from the Queen herself.
The account uses the handle @queenelizabet._3 and follows just three other accounts, two of which are Instagram and the Royal Family.
The message claims the Queen isn’t really dead, but has been sent to a deserted island by Charles so he could claim the throne.
Stay with us here.
Apparently, ‘the Queen’ can’t get hold of her ‘royal money’ so needs the recipient of the message to cashapp (a mobile payment service) her $300 so she can get back.
For added effect, the scammer adds a ‘Tea and biscuits’ message with the Union Jack flag, just to reaffirm how authentic it is.
As you’d expect, the scam got the derision it deserves from the internet at large.
The person behind the profile – ‘Lizzy’ – uses a smiling portrait of Her Majesty and writes in her bio: “dm if you canhelp me get back to Great Britain! Tea and Biscuits”.
And, while it’s obviously a distasteful joke, there are plenty of online scams far more convincing – some relating to Queen’s death.
Like, for example, following her passing, a number of newly-minted cryptocurrencies tried to use the event as a way to inflate their value.
Tips to beat the scammers
Although scammers come up with new ways to target users all the time, you can help protect yourself and your data with a few simple rules.
Treat contact from unfamiliar accounts with caution
If you’ve recieved a message or a message request from an account you don’t recognise, it’s best to treat it with suspiscion — particularly if it claims to be an official account like those mentioned above.
Twitter, for example, says it will never ask users for their passwords via email, DM or reply.
Even if an account is familiar, it’s a good idea to remain vigilant. Legitimate users get hacked all the time: accounts that may end up in the hands of bad actors.
2. Don’t click on suspicious links or attachments
In many cases the message in suspicious DM or email aren’t as dangerous as the links or files they contain. Clicking on links or attachments might cause your device to download malicious software.
Links might also send you to phishing websites that impersonate real social media login pages.
So before you click on any links, make sure you check the URL.
If you’re still suspicious of a link or a file, just don’t click on it at all.
3. Use strong, unique passwords, as well as two-factor authentication
This one might seem obvious, but using weak passwords across multiple accounts is still a common pitfall of many users.
Twitter recommends using a password that’s at least 10 characters long and contains a mix of uppercase and lowercase characters, as well as numbers and symbols.
It’s also important to use different passwords for different accounts. Otherwise, as soon as one is compromised, the others will be vulnerable too.
If you struggle to remember all these logins, it might be worth investing in a password manager like Dashlane or OnePass that remembers them for you.
Two-factor authentication, where you’re asked to enter an extra code sent to your email, mobile phone number or an authentication app, will also add another layer of security to your account.