Five years after the cyber-attack on Ashley Madison, users are still being targeted in ‘sextortion’ scams.
Researchers at email security company Vade Secure found the new scam earlier this year, when they saw a small number of emails with apparent information from Ashley Madison breach victims.
The scam emails seemed to be well researched, with not just the users’ email addresses but information like when the victim signed up, their username, and the interests they entered on the site.
The threats are a worrying evolution of the sextortion scam because they appear to incorporate real information.
In the most typical version of sextortion, fraudsters make dubious, fictional claims about victims via email, claiming that they have been recorded in a compromising position through their computer, or that they have pictures of an alleged affair.
A cyber-criminal will then blast out thousands of similar-sounding emails in hopes of persuading just one person to fall for the trick and make a requested extortion payment. The recordings and affairs are almost always non-existent.
However, in the new Ashley Madison cases, the scammers are using carefully selected information that appear to be from real Ashley Madison subscribers, and piecing that information into more precisely targeted emails.
The ransomers then demand around $1,000 in bitcoin to keep the information silent. The grain of truth to their pitch sets the scam apart.
Varde Secure is particularly concerned because the Ashley Madison breach affected individuals with corporate and government email addresses, which could make them particularly susceptible to paying the bribe.
Read more here.