Scammers quick to capitalize on Ashley Madison breach 

Aug 27, 2015 11:21 AM

Scammers have moved quickly to take advantage of the Ashley Madison data breach and Symantec telemetry shows a spike in spam email campaigns mentioning the infidelity website. The breach and subsequent leak of user data has created a market opportunity for scammers seeking to take advantage of people affected by the breach.

Immediately after the leak of a database of the site’s customers on August 18, there was an upsurge in spam activity relating to the breach. For example, since August 19, Symantec has blocked thousands of spam emails listing domains relating to Ashley Madison in the “to” or “from” fields. Among the domains blocked were:

  • ashleymadisonaccounts.com
  • ashleymadisonlegalaction.com
  • ashleymadisonlistleak.com
  • ashleymadisondata.net
  • ashleymadisondata.info
  • ashleymadisondata.co.uk
  • ashleymadisondata.org
  • ashleymadisonteam.com
  • ashleymadisonleakeddata.com
  • ashleymadisonnews.net
  • checkashleymadison.com
  • ismyhusbandonashleymadison.com

From August 22, further spam campaigns have been blocked that contain references to the website in the subject lines of emails. Blocked subject lines included:

  • “How to check if your email is part of Ashley Madison's hack”
  • “Ashley Madison Hack Should Scare You”
  • “How to Check if You Were Exposed in Ashley Madison Hack”
  • “Ashley Madison records leak”
  • “Ashley Madison Hack Update”
  • “Ashley Madison hacked, is your spouse cheating”

Figure 1. One spam campaign takes advantage of Ashley Madison breach by posing as report from legitimate news site
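
The two blocking signals described above (Ashley Madison-themed domains in the “to” or “from” fields, and subject lines mentioning the site) can be expressed as simple header checks. The following is an added example, not Symantec's rules or code from the original post; the function names, the subject pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

BRAND = "ashleymadison"                # token embedded in the blocked domains listed above
LEGIT_DOMAINS = {"ashleymadison.com"}  # the site's own domain, as named in the article
SUBJECT_RE = re.compile(r"ashley\s*madison", re.IGNORECASE)  # assumed pattern

def header_domains(msg):
    """Lower-cased domains of every address in the From and To headers."""
    values = msg.get_all("From", []) + msg.get_all("To", [])
    return {addr.rsplit("@", 1)[1].lower().rstrip(".")
            for _, addr in getaddresses(values) if "@" in addr}

def classify(raw):
    """Return the reasons a message matches; an empty list means no match."""
    # policy.default decodes RFC 2047 encoded-word subjects before matching
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    for dom in sorted(header_domains(msg)):
        legit = any(dom == d or dom.endswith("." + d) for d in LEGIT_DOMAINS)
        if BRAND in dom.replace("-", "") and not legit:
            reasons.append("lookalike-domain:" + dom)
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        reasons.append("subject-mentions-brand")
    return reasons

# Constructed sample messages (not real traffic); example.* addresses are placeholders
SAMPLES = {
    "lure": "From: News <alerts@ashleymadisondata.info>\nTo: a@example.com\n"
            "Subject: Ashley Madison Hack Update\n\nbody\n",
    "encoded": "From: b@example.org\nTo: a@example.com\n"
               "Subject: =?utf-8?q?Ashley_Madison_records_leak?=\n\nbody\n",
    "site": "From: support@ashleymadison.com\nTo: a@example.com\n"
            "Subject: Your receipt\n\nbody\n",
    "benign": "From: c@example.net\nTo: a@example.com\n"
              "Subject: Lunch on Friday?\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A keyword rule of this kind only catches campaigns that name the brand outright, which is why the counts discussed below represent a fraction of all blocked campaigns.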

Given the nature of its business, Ashley Madison has always been the subject of some spam activity. For example, one campaign which began on July 1, before news of the breach emerged, featured a subject line of “pending message from ashleymadison.com”. However, recent weeks have seen a spike above this baseline of activity. 

For example, the number of spam campaigns blocked on the basis of mentioning Ashley Madison shot up immediately after the publication of the stolen database on August 18. Although indicative of the trend, this represents a fraction of all blocked campaigns as many more would be detected under general anti-spam rules or predictive heuristics.

Figure 2. Cumulative number of spam campaigns blocked on basis of mentioning Ashley Madison since July 1

Others have also noted attempts by scammers to capitalize on the breach. For example, security writer Brian Krebs has reported on blackmail emails aimed at people who had their details exposed in the breach. Krebs quoted one email which demanded a bitcoin (approximately US$225 at the time of writing) from the target in exchange for a promise of non-disclosure of the information to their partner.

Advice for consumers
Scammers are often quick to take advantage of current events. The sheer size of the Ashley Madison breach, coupled with the embarrassing nature of its database, provides a perfect opportunity for scammers to prey on those worried that their or their partner’s name is included in the data cache. Be very wary of any email purporting to relate to the leak.

Exercise caution with websites offering to check if someone’s details are included in the breach. Unscrupulous operators could use the submitted details to identify people who are worried about the data leak and target them with extortion attempts. 

Do not pay anyone offering to remove personal details from the leaked data, since this cannot be done. This information is already in the public domain and multiple copies exist.

Free tools such as Norton Safe Web allow you to check on the reputation of a website and find out if it has been flagged by other internet users as unsafe.
