Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Ashley Madison still a top lure for scammers and crooks

Maria Korolov | Sept. 7, 2015
The Ashley Madison breach is an early Christmas for spammers and scammers.

After all, criminals can't threaten to release data that's already been released.

So don't wait until you see senior executives start avoiding eye contact and collecting quantities of unmarked bills. Have a plan in place for what your company will do if an executive is targeted for extortion.

"This information is very useful for making people with high levels of authority be coerced into doing things they wouldn't normally do," said Casey Ellis, CEO at San Francisco-based Bugcrowd.

In fact, an executive doesn't even have to be a user of Ashley Madison to be a potential target.

"They only need to be convinced that others might believe they are," Ellis said. "Attackers are crafty like that."

Ellis recommends not only having a plan in place but discussing it ahead of time with the executive team.

And if there's a scandal brewing?

"My best piece of advice is to get ahead of the story," he said.

Even employees who used an alias for Ashley Madison might still be at risk if criminals are able to figure out who the account really belongs go, said Itay Glick, CEO at Sunnyvale, Calif.-based Votiro Inc.

Signing up for any shady site carries risks, experts say.

"In the case of Ashley Madison, members who fared the best resorted to one-off e-mail addresses that weren’t associated with their other contact information, and paid with untraceable pre-paid debit cards," said Nikki Parker, VP of Growth and Strategy at Sydney, Australia-based Covata Ltd.

Quick-fix scams

You'd think that everyone already knows that if something is online, it's there for ever.

But "reputation repair" scammers are finding victims willing to pay money to have their names removed from the Ashley Madison lists, said Will Gragido, head of U.S. threat intelligence research at London-based Digital Shadows Ltd.

It's a scam because it's impossible to erase these names, he said.

"The breached data appeared in a number of locations and was shared and downloaded by many individuals and organizations for both noble and illicit purposes," he said.


But not all attackers are after money. Some just want to see you suffer.

"We’re seeing a new wave of ‘hacktivism’ where cyber criminals are trying to inflict brand and reputation damage, or promote social change," said Kevin Cunningham, president and founder at Austin-based SailPoint Technologies, Inc.

"Hacktivists" can expose the reputations of company employees to criticism.

And companies can suffer brand and financial damage, he added. "The embarrassment and notoriety for the enterprise are long term."

Stolen passwords

Okay, this one isn't actually a scam -- more a case of someone walking along, seeing your keys right there next to your car, and driving off with your vehicle.


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.