Ashley Madison hack leads to extortion scams
The recent hacking of data from website Ashley Madison and its sister site Established Men represents a big opportunity for scammers.
You may not have ever used either site but you could still be at risk, so don’t just dismiss this warning as irrelevant to you. You should read on.
The millions of worldwide email addresses released online by the hackers are said to include more than 88,000 in Perth. It is widely reported, and seemingly undisputed by Avid Life Media, the Canadian company that owns Ashley Madison, that anyone could enter any email address to sign up and use the site’s free features. There was no verification system where the email account owner then had to click a link to activate the account. This means that an acquaintance, colleague or anybody who knows your email address could have entered it. (You may have seen or heard in the news about someone using the New Zealand Prime Minister’s name for example, which his office described as ridiculous).
The first you might know of your email address being ‘exposed’ is when you get an extortion scam email in your inbox advising that you need to make a payment to prevent this information being shared with your friends, family and even employer.
WA ScamNet has so far received at least one report from a person who has received an email extortion scam. It was like the example shown, which was released by Toronto Police Service.
How can I check if my email address is affected?
There are free sites such as Have I Been Pwned that give you an opportunity to check whether your email address really was in the data dump – the reputable ones require email authentication by the account owner before they will reveal the answer. This is to prevent prying eyes, including scammers, getting hold of that information.
Beware that entering your email address into a site out of curiosity could land you in trouble because IF it’s not a known and trusted site, it could be scammers collecting data to prey on you.
It cannot be ruled out that scammers will inbox people whose email account details were not even included the data dump just to try to trick them into clicking a link that installs malware or ransomware onto the computer or device.
Alternatively scammers may make claims via email about a person’s partner being implicated in order to get that person to click a dodgy link or attachment.
WA ScamNet recommends that you do not click any links or open any attachments within an email of this nature. Please read our previous ransomware warning.
If you receive an email seeking a fee for the deletion of data or so-called ‘hush money’ to keep the scammers quiet about information they have found, WA ScamNet recommends that you do not respond or pay any money.
If your email is within the data dump you cannot undo that, however you could set up a Google alert for your name or email address to advise you when anything about you or the email account is posted online. WA ScamNet website has details of how to do this and other tips to Fight Back against blackmail scams.
It has been reported that the worry linked to the hack has led to some people considering suicide or actually taking their own life. Anyone dealing with suicidal thoughts can call Lifeline on 13 11 14.
For anyone who was a true paying client, according to Ashley Madison's statement its customers’ bank details are not at risk.
“No current or past members’ full credit card numbers were stolen from Avid Life Media. Any statements to the contrary are false. Avid Life Media has never stored members’ full credit card numbers.”