The Ashley Madison breach has been a Christmas-in-August present for spammers and scammers of all kinds, and your company could be the next target.
Here are some scams to watch out for.
There is a significant amount of spam related to the Ashley Madison attack.
According to Trend Micro, the most recent Ashley Madison-related phishing campaign offers a link to the "Ashley Madison Client List" but instead infects the user's computer with banking malware, or locks up files until the user pays one Bitcoin, or approximately $235.
"Companies should block all Ashley Madison related emails at the email gateway and use URL filtering for all inbound emails for those bulletproof hosts which are disseminating this crimewave," said Tom Kellermann, chief cybersecurity officer at Irving, Tex.-based Trend Micro Inc.
"The Ashley Madison episode provides such good phishing bait that the emails are going to be almost irresistible," said David Gibson, VP of Marketing at New York-based Varonis Systems, Inc. "It is a foregone conclusion that people will be seduced into opening these emails and clicking on links claiming to be about Ashley Madison victims."
Companies should step up protections of user accounts, workstations, and sensitive data stores, he said.
KnowBe4 recently sent out a simulated Ashley Madison phishing email -- and got a 4.2 percent average click rate.
"Anyone will be tempted to find out if their spouse is on the Ashley Madison list," said Stu Sjouwerman, CEO at Clearwater, FL-based KnowBe4. "Employees need to be taught that their business email address is property of the company and they cannot use it for private endeavors."
The Ashley Madison hack doesn't just potentially expose user email addresses, but other personal information as well. Criminals can use this data, often in combination with other data sources, to create highly detailed profiles of your employees.
Then they can launch spearphishing campaigns -- very targeted attacks that use this personal information to trick employees into believing that the emails are legitimate. Spearphishing emails can also be combined with phone calls, snail mail, or other types of communications for extra credibility.
Spearphished employees can be manipulated into letting hackers into corporate networks, divulging proprietary data, or even sending large amounts of money to the crooks.
You've probably already checked to see whether any of your company's senior executives are in the Ashley Madison data dumps. You'd have to, to protect your company -- not out of any personal curiosity at all. Obviously.
But has everything come out that is going to come out?
"What’s more worrying is what they are not releasing and instead using as blackmail," said George Anderson, director of product marketing at Broomfield, CO-based Webroot Inc.