28 August 2015
Cyber criminals are already putting to use the vast amounts of data stolen during the Ashley Madison security breach. In the past few days we have seen huge numbers of scammers and blackmailers trying to extort money and information from users of the website. Some are doing this by creating bogus websites which purport to allow you to check if your spouse is on the list. These fake websites are designed to trick you into adding further personal information, which is subsequently stolen by the scam artists.
Other rogue individuals are sending blackmail e-mails demanding payment to the millions of users on the list. In one e-mail the scammers are attempting to extort bitcoins, an online cryptocurrency, from the individuals. The scammers make the threat quite clear: “If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address”, the e-mail demands. Whilst this scheme doesn’t appear to be working, as nobody has yet transferred the bitcoins into the associated account, it is a reminder of the tangible damage that results from cyber security breaches.
Undoubtedly these attacks are going to get more sophisticated in the coming days. In one case, a user has received another e-mail in which the scammers have used open source intelligence techniques to gather further information about the individual via Facebook. The scammers are even offering advice on what the recipient can do to protect themselves in the future by adjusting Facebook privacy settings.
Ashley Madison aside, the percentage of users duped by phishing attempts is on the rise, according to the Verizon 2015 Data Breach Investigations Report. “In previous years, we saw phishing messages come and go and reported that the overall effectiveness of phishing campaigns was between 10 and 20%” the report says. “This year, we noted that some of these stats went higher, with 23% of recipients now opening phishing messages and 11% clicking on attachments.” Of incidents classified as cyber espionage in the past two years, more than two-thirds featured phishing, the report concludes.
It is being reported that there are millions of corporate e-mails within the Ashley Madison leak and so organisations should be extra vigilant against these types of attacks. Schillings recommend you take immediate precautions to protect your employees from falling for any of the phishing attempts. In short:
- Ensure e-mail systems and anti-spam software are up to date
- Re-evaluate your security awareness training
- Create specific e-mail rules to detect Ashley Madison phishing attempts
- Block access to the Ashley Madison website
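
One way to turn the "specific e-mail rules" recommendation into filter logic, as an added example that is not part of the original article: it checks a message for the indicators described above (a Bitcoin payment demand, a threat to tell a partner, the Ashley Madison name). The regexes, function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Legacy Base58 Bitcoin address: starts with 1 or 3, 26-35 chars, no 0/O/I/l.
BTC_ADDRESS = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
# A stated amount of bitcoin, e.g. "1.0000001 Bitcoins" or "2 BTC".
BTC_AMOUNT = re.compile(r"\b\d+(?:\.\d+)?\s*(?:bitcoins?|btc)\b", re.I)
BRAND = re.compile(r"ashley\s*madison", re.I)
# Phrases that threaten disclosure to a partner or employer (assumed list).
THREAT = re.compile(r"significant other|sharing this information|"
                    r"your (?:spouse|wife|husband|employer)", re.I)
CHECKS = {"btc_address": BTC_ADDRESS, "btc_amount": BTC_AMOUNT,
          "brand": BRAND, "threat": THREAT}

def indicators(raw_message):
    """Return the names of the indicators found in the subject and text body."""
    msg = message_from_string(raw_message)
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = " ".join(parts)
    return {name for name, rx in CHECKS.items() if rx.search(text)}

def verdict(raw_message):
    """Map indicators to a mail-gateway action: quarantine, flag or deliver."""
    found = indicators(raw_message)
    # A disclosure threat combined with a payment demand is treated as extortion.
    if "threat" in found and found & {"btc_address", "btc_amount"}:
        return "quarantine"
    if "brand" in found:
        return "flag"  # e.g. "check if your spouse is on the list" lures
    return "deliver"

# Constructed sample messages; the Bitcoin address is a made-up placeholder.
EXTORTION = (
    "Subject: Your account\n\n"
    "If you would like to prevent me from sharing this information with your\n"
    "significant other send exactly 1.0000001 Bitcoins to the following address:\n"
    "1ConstructedSampLeAddressXXXXXXXX\n")
LURE = "Subject: Is your spouse on the Ashley Madison list?\n\nCheck here.\n"
BENIGN = "Subject: Invoice\n\nPlease settle the 2 BTC retainer by Friday.\n"

if __name__ == "__main__":
    for name, sample in [("extortion", EXTORTION), ("lure", LURE), ("benign", BENIGN)]:
        print(name, verdict(sample), sorted(indicators(sample)))
```
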
Should you have any questions don’t hesitate to contact our Cyber and Information Security Team.