Ashley Madison victims targeted (again) by sextortion scams

Victims of Ashley Madison's 2015 cyber breach have found themselves in an uncomfortable situation all over again, having received ransom emails last month. According to CNBC, scammers have targeted a number of former Ashley Madison users whose names were made public following a cyber security breach. The ransomers demanded US$1,000 in bitcoin from victims to avoid the shame of having personal, and potentially damaging, information made publicly available.

This was brought to light by email security company Vade Secure, which has recently been working on a study around email security predictions for 2020. The study highlighted that "data breaches in 2019 would fuel new cyberattacks in 2020". According to its website, a new extortion scam has emerged in which scammers leverage user account information from the high-profile Ashley Madison data breach in 2015, which contained details of 32 million Ashley Madison accounts. Data leaked from the incident include names, passwords, addresses and phone numbers, and seven years’ worth of credit card and other payment transaction details. It was even said to divulge what members were seeking on the affair site.

"Now, nearly five years after the breach, this data is coming back to haunt users in the form of a highly personalised extortion scam," said the report.

The report, seen by Marketing, stated that the emails are highly personalised with information from the Ashley Madison data breach. The subject of the email included the target’s name and bank, while the body of the email comprised the user’s bank account number, telephone number, address, and birthday. This is in addition to the information from the user's Ashley Madison site, and included references to past purchases made by the user.

Adrien Gendre, chief product officer for Vade Secure, said the 2015 Ashley Madison breach impacted those in the corporate and government sectors, who may be more "susceptible" to paying the bribe demanded by scammers. Vade Secure, however, is not able to view the statistics around who may have paid the ransomers.

The Ashley Madison data breach in 2015 was one that was discussed and analysed by several news outlets at the time. In July 2015, hackers calling themselves “Impact Team” leaked the personal information of some 32 million of the website’s users. The website served as a matchmaking service for married or committed individuals who want to have an affair.

About a year later, Ashley Madison looked to shake off its bad reputation and win back people’s hearts with its first-ever TV ads and a new tagline. The site abandoned its notorious slogan – “Life is short, have an affair” – for a new tagline, “Find your moment”. The adultery dating site repeatedly used phrases such as “open-minded experiences” and “find your moment”, in a bid to position Ashley Madison as more than just a website for cheaters.

In 2013, the Media Development Authority of Singapore (MDA) banned extra-marital dating website Ashley Madison, having found its content “objectionable” because it “aggressively promotes and facilitates” extra-marital affairs. According to MDA, the move was part of a bid to block a limited number of sites as a symbolic statement of the types of content the community is opposed to.

Meanwhile, Vade Secure's email security predictions for 2020 list a couple of ways hackers can potentially target businesses.

1. Business email compromise (BEC) will wreak havoc on businesses

Most spear phishing emails detected by Vade start out with pretexting, such as “Hello, are you available?”. Due to the lack of content and the brevity of the email, the threat often goes undetected by email filters that rely on text content analysis. Some vendors, however, whitelist the email as soon as the recipient responds to it. This essentially makes the cybercriminal a trusted sender, who can continue the exchange with the victim.

2. Sextortion will reemerge, with new ammunition

The report said that there is a resurgence of sextortion emails, and that this will only get worse in 2020 due to a variety of new techniques. One such technique is bypassing an email security filter by inserting a screenshot of an email in the email body. The screenshot is hosted on a website and therefore does not include content that can be scanned by a filter.

3. Phishing links will find a new home in file-hosting services

The past year has seen an influx of phishing campaigns that include phony file-sharing notifications. This technique, Vade said, is spreading to other hosting services, including Dropbox, Google, WeTransfer, and Evernote. Hosting malware on these types of services is a trend that is slowly growing, the report said, adding that it will not, however, slow down.

4. Multiphase attacks will mix email formats and attack types

Many of the affected organisations reported that the ransomware was delivered via phishing emails. The report said this would be more apparent in 2020, and that multiphase attacks will grow in sophistication, coming with a mixture of phishing, spear phishing, ransomware, and possibly blackmail.
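Predictions 1 and 2 above both describe messages that leave a text-content filter almost nothing to analyse. The following is an added example, not code from Vade Secure or the report, showing how a mail pipeline could route such messages for review on structural signals instead. The function name, threshold, reason labels and sample messages are assumptions, and `known_senders` is assumed to be built from established correspondence, not updated automatically when a recipient replies once.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Collect visible words and remotely hosted <img> sources from a body."""
    def __init__(self):
        super().__init__()
        self.words, self.remote_imgs = [], []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.remote_imgs.append(src)

    def handle_data(self, data):
        self.words.extend(data.split())

def triage(raw, known_senders, min_words=12):
    """Return review reasons for a message that gives text analysis little to scan."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    scan = BodyScan()
    if part is not None:
        scan.feed(part.get_content())
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reasons = []
    if len(scan.words) < min_words:            # threshold is an assumed value
        if scan.remote_imgs:
            reasons.append("image_only_body")      # the text lives in a hosted image
        if sender not in known_senders:
            reasons.append("short_first_contact")  # brief pretext from an unseen sender
    return reasons

# Constructed sample messages and allow-list (not taken from the report).
KNOWN = {"colleague@example.org"}
HDR = "To: user@example.org\nSubject: Hi\nMIME-Version: 1.0\n"
IMAGE_ONLY = ("From: Notice <sender@example.net>\n" + HDR +
              "Content-Type: text/html; charset=utf-8\n\n"
              '<html><body><img src="https://img.example.net/letter.png"></body></html>\n')
PRETEXT = ("From: Boss <boss@example.net>\n" + HDR +
           "Content-Type: text/plain; charset=utf-8\n\nHello, are you available?\n")
ROUTINE = ("From: colleague@example.org\n" + HDR +
           "Content-Type: text/plain; charset=utf-8\n\nAre you free at 3pm?\n")

if __name__ == "__main__":
    for name, raw in (("image", IMAGE_ONLY), ("pretext", PRETEXT), ("routine", ROUTINE)):
        print(name, triage(raw, KNOWN))
```

The short message from a known colleague is not flagged, which is why the allow-list must reflect real history: adding a sender on the first reply would clear the pretext message as well.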