Cybersecurity and threat analysis firm, Vade Secure, has discovered an extortion scam that is using data from the 2015 Ashley Madison attack to target victims.
Ashley Madison is a Canadian online dating and social networking service that is designed to help people who are married or in a relationship meet others for discreet affairs.
Five years ago, hackers lifted the details of more than 32 million of the controversial website’s users and published them on the dark web, which led to many of the users being blackmailed or publicly embarrassed. A number of celebrities and politicians were exposed in the attack and three suicides have been linked to the incident.
Over the past two weeks, Damien Alexandre, a threat analyst at Vade, discovered “several hundred” emails that threaten to expose those intimate details unless former subscribers pay a sizeable fee of $1,000 in bitcoin.
The threatening emails are highly personalised and contain real information about the user such as their email addresses, when they signed up to the scam, their username, security answers and the sexual interests they entered on the site.
One of the emails, dated 15th of January, reads: “I know everything about you. I even know that you ordered some…let’s call them ‘male assistance products’ online on 12/11/2018 using your account at Bank of America N,a routing# 121000358 account# [redacted] for $75 for mailing to [redacted] CA [redacted]!”
“If you do not act very fast your full AMadison profile and proof of it will be shared with friends, family, and online over social media — and of course your internet orders,” the extortionist continued.
Unlike less sophisticated scam emails, the financial demand was not made in the email body itself, but rather in a password-protected PDF attachment. This helps the malicious message avoid detection by email filters, URL scanning or sandboxing technologies.
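A filter cannot read the contents of a password-protected PDF, so a gateway can instead flag the attachment as unscannable and hold it for review. The following is an added example, not code from Vade Secure or the original article; the function names and the sample messages are constructed assumptions, and the `/Encrypt` check is a heuristic based on the key that the PDF format places in the trailer of an encrypted file.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# An encrypted PDF points to its encryption dictionary with the /Encrypt key
# in the trailer (or cross-reference stream dictionary), stored in cleartext.
# \b keeps the pattern from matching the longer key /EncryptMetadata.
ENCRYPT_KEY = re.compile(rb"/Encrypt\b")

def is_encrypted_pdf(data: bytes) -> bool:
    """Heuristic: PDF header near the start and an /Encrypt key anywhere."""
    if b"%PDF-" not in data[:1024]:
        return False
    return ENCRYPT_KEY.search(data) is not None

def unscannable_attachments(raw: bytes) -> list:
    """Return filenames of attachments a content scanner cannot open."""
    msg = message_from_bytes(raw, policy=default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if is_encrypted_pdf(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def build_sample(pdf: bytes, name: str) -> bytes:
    """Constructed test message with one PDF attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename=name)
    return m.as_bytes()

# Constructed, minimal PDF-like byte strings (structure only, not renderable).
PLAIN_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
             b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
LOCKED_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R /Encrypt 2 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for pdf, name in ((PLAIN_PDF, "plain.pdf"), (LOCKED_PDF, "locked.pdf")):
        hits = unscannable_attachments(build_sample(pdf, name))
        # A gateway would quarantine on a hit rather than deliver as "clean".
        print(name, "-> quarantine" if hits else "-> scan normally")
```

Because legitimate senders also use encrypted PDFs, a hit is better treated as a reason to quarantine or add scrutiny than as proof of malice.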
The company urges victims to not give in to demands in what is a new version of the common ‘sextortion’ scam.