Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Ashley Madison Data Breach Comes Back to Haunt Customers with New Sextortion Scam

    Very worried business woman at the officeJust when you thought everyone forgot about participation on the ill-famed cheaters website, a new phishing scam looks to use the breached data as the basis for extorting the site’s users.

    Data breaches yield phishing scams. It’s a given at this point. And with the 32 million Ashley Madison accounts from 2015’s sensationalized breach including all kinds of personal details – from banking, to date of birth, to personal interests on the site, and more – it remains a pretty good basis on which to launch a full-scale attack on the site’s (hopefully) former customers.

    One of the keys to a good phishing scam is context. The more contextually accurate the email message aligns with the recipient, the better the chances of success. In this case, because the details being leveraged are at very least former details, the scammers are hoping they are enough to capture the attention of their potential victims.

    The emails ask for 0.1188 BTC or a little more than $1,000. If not paid, the email threatens to send the personal details provided in the email “and more” to “everyone who knows you”, providing a deadline of six days from now by which to pay the extortion fee.

    1-14-20 Image

    The email also includes a PDF attachment containing a QR code to help point the victim to an acceptable payment method.

    While this email scam is simply after the recipient’s money, it could just as easily be a scam intent on installing malware, holding an organization for ransom, etc. Your organization should educate its users on scams like these (and the appropriate response of simply ignoring it) through continual Security Awareness Training. The reality of this scam is that it’s pretty benign if simply left alone; the same can be said for most phishing attacks that rely on the user engaging with the email, becoming emotionally connected with its message, and performing a desired action – be it clicking a link, opening an attachment, or replying. Educating users to identify and ignore these emails is not only best practice, but will help improve the organization’s security stance.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, Data Breach

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews