As you have probably heard by now, a group of hackers who call themselves The Impact Team recently breached the systems of Avid Life Media (ALM), and stole sensitive data from AshleyMadison.com. The group has since published a large cache of data that includes personal information from members of the site, and are making that data available online for download. To make the situation worse, opportunistic scammers are looking to capitalize on this unique opportunity for a financial gain of their own.
To start, the scammers will send phishing emails suggesting that they have information on the recipient that will expose them as an AshleyMadison user. The scam methods they’re using are quite simple and common, yet highly effective when used as a scare tactic like this. Spammers often buy full lists of verified addresses (email addresses in this case) after a large breach, then target and attempt to solicit the users.
Here’s how this particular scam works:
An unsuspecting user will get an email titled – “Recent data leak, your details are there!” (image below)
Once the user opens the email, they will see a note that implies that their personal information has been leaked along with the other 37 million people. At the end of the note, they are directed to click on a link that will direct them to a page that offers services from UnTraceMe. From there, they are directed to pay a fee of $19.95 to get their information secured and removed. (image below)
After a spooked user agrees to pay the fee and clicks on the link provided, they are then directed to use a PayPal-like site to pay the fee and “secure their information.” (image below)
What folks don’t know is that the leaked data can be retrieved by just about anyone, and will not disappear no matter what ransom is paid. At this time, Barracuda Labs has blocked over 1000 emails similar to the one imaged above, and depending on the monetary success that the spammers receive, the prices will likely increase as users rush to clear their names.
It is important to follow best practices when receiving emails from unknown users. If you aren’t sure where the email is coming from, it’s always best to:
- never click on links in the body of an email
- never download attached files
- be cautious of strange subject lines
For more information on the Big Business of Spam, check out the links below