Royal Brexit bitcoin phishing hoax hits British mailboxes

Hacker behind a computer against the EU flag to depict Brexit

A new cryptocurrency phishing scam has been circulating in Britons' mailboxes this week with letters purporting to be from the Queen asking for cryptocurrency to maintain the UK's economic stability after Brexit.

The letter was received by Paul Ridden, CEO at Smarttask, a UK tech firm specialising in cloud-based mobile workforce management products and services. The authors of the letter asked for sums of bitcoin between 450,000 and 2,000,000 to be deposited into a supplied wallet address.

The authors claimed "to save and sustain our economy after Brexit, we must pay the European Union 19 billions", and while they have 82% of the funds already, they were appealing to the public for the rest by 19 October.

According to the letter, this isn't the first time Queen Elizabeth II has appealed to the British public in order to save the economy. It's apparently the second time in 30 years she has made such an appeal and she made it to a highly cyber aware 'victim'.

The letter sent to Paul Ridden

"When it Arrived it made me chuckle as [phishing attempts] don't usually come on paper," said Ridden to IT Pro. "What made me chuckle about was how poor the English was... it's another attempt but it's a poor attempt.

"I think it's an attempt to be different. In a corporate world, one of the things we're always trying to protect against is these social engineering attacks and I guess coming in on paper, it's perhaps trying to come through a door that's not protected.

"So, I wouldn't generally expect that to come that way. As a tech firm ourselves, we're reasonably aware of what's going on and very protective of the company's finances. So, nobody's going to be sending any Bitcoin off to them."

Before listing the bitcoin wallet address the hoax authors asked to remain anonymous as by going viral, it "could affect the agreements we have in order to obtain the bilateral agreement".

Ironically, the letter did end up going semi-viral on LinkedIn thanks to Ridden's post which garnered thousands of interactions in just a few days.

When asked, Ridden said he wasn't aware of any other recipient to have received the same letter, but questioned "does anyone really fall for this", in the original social media post.

"As a technology firm data security is really important to us, so things like this, whilst we've extracted human this exercise, it's a lesson for us all to be vigilant, whether that's pieces of paper turning up on our desks or people phoning in and pretending to be other people. So, I think in this connected world we live in, that security is really high on our agenda."


6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks


IT Pro contacted the press office at Buckingham Palace but it declined to comment.

Modern phishing attacks tend to exploit absent cyber awareness, typically taking form as an email due to the ease with which they can be sent to many recipients.

The industry has seen phishing attacks become much more sophisticated in recent years and they target different demographics, from TV license holders to C-suite executives. Google has even released its own online cyber awareness course for young people which gamifies education on how to spot a phishing attempt online.

"This is an interesting spin on a phishing attempt coming in via post," said Javvad Malik, security awareness advocate at KnowBe4 to IT Pro. "From an awareness perspective, this scam bears all the same features of an email phish. There are some grammatical errors and inconsistencies in how a real letter from the Queen would read. Beyond that, the mail tries to instil a sense of urgency as well as promising high rewards.

"People should be aware that scammers will use any means at their disposal in an attempt to swindle money. Particularly where there is a major event such as a natural disaster, sporting event, or a political event like Brexit, they will jump on the bandwagon to try and exploit it as much as possible."

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.