Ashley Madison data breach triggers upsurge in spam email, as victims become scammers target
Security firm Symantec is warning users of the extramarital affairs website Ashley Madison that they are now at risk from scammers.
It comes after hackers earlier this month published internal data that included details on users and executives and internal corporate documents.
Symantec said that scammers have moved quickly to take advantage of the Ashley Madison data breach, and it warned that it immediately witnessed a spike in spam email campaigns mentioning the infidelity website after the data was published.
And the scammers have got creative in how to lure unsuspecting people into their web with spam emails that include titles such as “How to check if your email is part of Ashley Madison’s hack”; “How to Check if You Were Exposed in Ashley Madison Hack”, and “Ashley Madison hacked, is your spouse cheating”.
Indeed, one spam campaign takes advantage of Ashley Madison breach by posing as report from legitimate news site.
Symantec said it has already blocked thousands of spam emails listing domains relating to Ashley Madison, including ashleymadisonaccounts.com, ashleymadisonlistleak.com and checkashleymadison.com to name but a few.
And Symantec pointed to the report by security journalist Brian Krebs, who revealed that some Ashley Madison users have already received blackmail emails. Apparently one email demanded approximately $225 worth of bitcoins from a victim in order not to disclose the information to their partner.
Symantec’s advice to consumers is clear, be very wary of any email that purports to relate to the breach.
“Exercise caution with websites offering to check if someone’s details are included in the breach. Unscrupulous operators could use the submitted details to identify people who are worried about the breach and target them with extortion attempts,” blogged Symantec.
“Do not pay anyone offering to remove personal details from the leaked data, since this cannot be done,” it said. “This information is already in the public domain and multiple copies exist.”
Earlier this month, security experts warned that much of the data released online related to the attack on the Toronto-based dating service should be treated with scepticism. Apparently a large majority of the data is fake.
Are you a security pro? Try our quiz!