More than a million users were registered on the online adultery hook-up website Ashley Madison before it was hacked, and it continues to attract new members daily. In a startling investigation, the eScan research team found that cyber-criminals are using various extortion techniques, fake promises and emails that mention the infidelity website.
What Does the Email Look Like?
Unlike typical extortion emails, the Ashley Madison spam email is not written in broken English. The cyber-criminal claimed to hold personal information belonging to the recipient and demanded a Bitcoin as payment, in return for not sharing the information with the recipient's Facebook friends. The main objective of using Bitcoin was that it preserves the recipient's identity.
In another spam email campaign, we came across a scenario where the email recipients are lured, by means of a link, to join a collective lawsuit against Avid Life Media (the parent company of Ashley Madison). When the link is opened, the recipient is shown the story of an unknown man who is scared of his Ashley Madison account becoming public. The story is quite convincing and persuades the user to fall into the donation trap. At this point it opens a Word document recounting the story. With the recent rise of ransomware, our researchers have every reason to believe that this Ashley Madison scam might strategically take the same path in the near future.
The Ashley Madison hacking incident is a classic example of a privacy breach, and the registered users are now apparently going to face the bigger problem of identity theft. Along with information like names, addresses and the type of extramarital arrangements, the hack also exposed information on 9,693,860 credit and debit card transactions conducted on the site. The criminals might clone Ashley Madison users' debit and credit cards to commit fraud or run an identity theft campaign. Hackers have also downloaded sensitive information such as users' names and email addresses, photos, financial data and message history. A detailed study of a website's privacy policy can also help users assess its security.
What can the users do?
Here are some tips provided by eScan to its readers:
- Be extremely cautious about posting information on social networking websites. Once posted, it is no longer private.
- Customize privacy settings – This gives the option of sharing something with specific people or protecting it from specific people.
- Avoid sharing personal information such as usernames, passwords, bank account numbers etc. with anybody.
- Use strong passwords, as described here: http://1.usa.gov/1Qg7l7u.
- The Personal Identification Number (PIN) is one of the easiest targets for cyber-criminals. Make sure your PIN doesn't contain birthdays, birth years, consecutive numbers, repeated numbers etc.
- Avoid clicking on shortened, unknown or suspicious links, as they may lead to the installation of malware or spyware on your computer.
- Avoid giving authorization to dubious games and apps, which tend to access your private information.
- Update your antivirus software (eScan) on a regular basis, which will protect your system from all kinds of malware attacks.
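The PIN tip above can be turned into an automatic check at the point where a PIN is chosen. The following is an added example, not eScan code; the function name `weak_pin_reasons`, the 1900 lower bound for birth years and the "two or fewer distinct digits" rule for repeats are assumptions made for illustration.

```python
from datetime import date

def _valid_day(day, month):
    """True if day/month is a real calendar day (29 Feb included)."""
    try:
        date(2000, month, day)  # 2000 is a leap year
        return True
    except ValueError:
        return False

def weak_pin_reasons(pin, this_year=None):
    """Return the rules from the PIN tip that this PIN breaks (empty list = passes)."""
    if not pin.isdigit() or len(pin) < 4:
        raise ValueError("PIN must be at least 4 digits")
    this_year = this_year or date.today().year
    reasons = []
    # Repeated numbers: two or fewer distinct digits (1111, 1212, 7007).
    if len(set(pin)) <= 2:
        reasons.append("repeated digits")
    # Consecutive numbers: every step is +1 or -1, wrapping 9->0 (1234, 9876, 8901).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("consecutive digits")
    # Birth year: a 4-digit PIN that is a plausible year of birth.
    if len(pin) == 4 and 1900 <= int(pin) <= this_year:
        reasons.append("looks like a birth year")
    # Birthday: first or last four digits read as DDMM or MMDD.
    for part in {pin[:4], pin[-4:]}:
        a, b = int(part[:2]), int(part[2:])
        if _valid_day(a, b) or _valid_day(b, a):
            reasons.append("looks like a birthday")
            break
    return reasons

if __name__ == "__main__":
    # Constructed sample PINs, not taken from any real data set.
    for sample in ["1234", "1111", "1985", "2504", "8473"]:
        print(sample, weak_pin_reasons(sample, this_year=2015) or "ok")
```

Without the owner's date of birth the check cannot tell a real birthday from any other date, so it rejects every date-shaped PIN.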