Taking advantage of the Ashley Madison data breach, spammers have been quick to try to cash in with a spike in spam email campaigns mentioning the infidelity website. The breach and subsequent leak of user data has created a market opportunity for scammers seeking to take advantage of people affected by the breach, says global security firm Symantec.
Immediately after the leak of a database of the site’s customers on August 18, there was an upsurge in spam activity relating to the breach. Since August 19, Symantec has blocked thousands of spam emails listing domains relating to Ashley Madison in the “to” or “from” fields. From August 22, further spam campaigns have been blocked that contain references to the website in the subject lines of emails. Blocked subject lines like: “How to check if your email is part of Ashley Madison's hack”, “Ashley Madison Hack Should Scare You”, “How to Check if You Were Exposed in Ashley Madison Hack”, etc.
Security writer Brian Krebs has reported on blackmail emails aimed at people who had their details exposed in the breach. Krebs quoted one email which demanded a Bitcoin (approximately $225 at the time of writing) from the target in exchange for a promise of non-disclosure of the information to their partner.
The sheer size of the Ashley Madison breach coupled with the embarrassing nature of its database provide a perfect opportunity for scammers to prey on those worried that their or their partner’s name is included in the data cache. So, one should be very wary of any email related to the leak.