Supported by
Ashley Madison Users Face Threats of Blackmail and Identity Theft
First, members of the adultery website Ashley Madison had their personal information unveiled to the world by hackers. Now, a bigger threat looms.
Scammers and extortionists have been combing for targets through the data on 30 million to 40 million Ashley Madison users, stolen by a group calling itself The Impact Team and dumped online earlier this month.
Police officials in Toronto said they had already seen several instances of such spinoff crimes, including extortion attempts.
Darius Fisher, the president of the reputation management firm Status Labs, said he had multiple clients who have received emails threatening to expose their use of the site if they do not send bitcoins to their blackmailers.
But Ashley Madison users are also being confronted with more subtle scams.
They are “vulnerable to any offer to help them handle the situation in any way really,” said Stephen Cobb, a digital security expert at the software company ESET.
Scammers could use data from the breach to trick victims into giving up more information, or even to hack into their computers to wreak further havoc. Such attacks are likely to continue for weeks and months, experts say.
“It’s important to understand that the attackers are clever,” said Itay Glick, the chief executive of the cybersecurity company Votiro. “They don’t need to use the information today; they can use it two weeks from today or one month from today.”
The path to installing malicious software onto an unsuspecting target’s computer can be simple. Using email addresses and information gleaned from the initial data dump, fraudsters can craft convincing so-called phishing emails that trick their recipients into revealing sensitive personal information.
Malware can also be delivered through websites offering to scrub Ashley Madison users’ records from the web, a promise that Mr. Cobb said was impossible to deliver on.
Once a computer is infected, criminals can gain access to bank accounts, steal passwords and “do anything you can do on the machine, basically,” said Israel Levy, the chief executive of Bufferzone, a cybersecurity company.
It is not just Ashley Madison users who are vulnerable. People interested in the identity of the website’s members are also falling prey to attacks.
Targeted messages and spurious websites that offer to reveal the identities of Ashley Madison users are being used as bait to lure suspicious spouses and human resources managers into clicking on malicious links.
The technology company Symantec said it had detected an “upsurge” in email activity of this sort, and had blocked multiple domain names including ashleymadisonaccounts.com and ashleymadisonlegalaction.com.
“The bad guys are trying to take advantage of the fact that people are very curious, and as they say, curiosity kills the cat,” Mr. Levy said.
Mr. Cobb said: “Steer clear of anything to do with Ashley Madison is probably the most useful advice. Unless you really understand data and information security, responding to anything related to Ashley Madison could be problematic.”
A Guide to Digital Safety
A few simple changes can go a long way toward protecting yourself and your information online.
A data breach into your health information can leave you feeling helpless. But there are steps you can take to limit the potential harm.
Don’t know where to start? These easy-to-follow tips and best practices will keep you safe with minimal effort.
Your email address has become a digital bread crumb that companies can use to link your activity across sites. Here’s how you can limit this.
Protect your most sensitive accounts by creating unique passwords and adding extra layers of verification.
There are stronger methods of two-factor authentication than text messages. Here are the pros and cons of each.
Do you store photos, videos and important documents in the cloud? Make sure you keep a copy of what you hold most dear.
Browser extensions are free add-ons that you can use to slow down or stop data collection. Here are a few to try.
Advertisement