Scammers Take Advantage Of Ashley Madison Breach

 

 

 

 

 

 

 

Since the large-scale August 19th data breach revealing millions of user profiles and email addresses from the Ashley Madison online dating site, we have found and blocked a surge in email spam activity related to the Ashley Madison data breach.

Online scam artists work quickly to take advantage of big headlines, and of natural human curiosity. When we hear of a sensational story through our email, the web, or through social media, we’re often enticed to click on a link or open an attachment to find out more, and that’s where these cybercriminals “get” us. Opening an attachment could lead to malware that allows the bad guys to take over your computer. Visiting a “bad” website could allow cybercriminals to try to attack the weak spots in your computer’s browser or other software and exploit them to deposit code that takes over your computer –OR – the website could convince you to enter personal information that you definitely don’t want cybercriminals to have (usernames, passwords, etc.).

Because the Ashley Madison data breach happened on such a large scale, and because of the embarrassing nature of the information revealed, this particular event provided the perfect opportunity to both blackmail people whose details might have been exposed, as well as prey on people who might be concerned that their partner’s name could be included in the data uncovered by the Ashley Madison hackers.

How Norton keeps you safe from scammers

Norton customers are protected from such insidious cybercriminal activity in multiple ways.

First, our security researchers pay very close attention to what’s going on in the world because they know that hackers will take advantage of big headlines and data breaches. Norton Antispam technologies filter out as many emails as possible from your email client that have “bad” email domains related to the topics that these hackers may be trying to exploit in the “To” and “From” fields.

Examples include:

  • ashleymadisonaccounts.com
  • ashleymadisonlegalaction.com
  • ashleymadisonlistleak.com

However, Norton Antispam only works if you download your email onto your PC using a POP3 service. Those who use webmail, don’t worry.  There are other ways that Norton kicks in to keep you protected.

When you first download Norton onto your PC, you have the option to install the Norton Safe Web tool bar onto your browser. When you click on a website, this handy tool uses fast cloud look-ups to check the reputation of that site in real time. If that site is a malicious one, Norton Safe Web will intercept and block it so that no harm can come to your PC.

Okay, but what if, somehow, you are able to click on a site that doesn’t have a bad reputation, but still contains malicious attack code? Norton’s Intrusion Prevention System (lovingly called “IPS” by folks here at Norton) monitors all traffic between that site and your computer. If we see anything that looks like attack activity, we immediately block the connection to that site before any damage can come to your PC.

Finally, our anti-phishing technologies make sure to analyze any website that you visit for early warning signs of phishing so that we can make sure to let you and other Norton users know if there is anything “phishy” going on with that site.

Additional tips to stay safe:

  1. There are lots of sites out there that are built to help people check the email addresses of people they know against the dumped database, to see if that person has a profile. Always use caution with these sites, as their operators might be looking to extort folks whose information is entered into the site. Use free tools, such as Norton Safe Web, to check on the reputation of the site.
     
  2. Be very wary of any emails that claim to be related to the breach, especially if they contain the domains or subject lines listed above. It’s best not to open emails, particularly those with attachments, from people or businesses that you don’t know, nor is it safe to click on links or attachments in those emails.
     
  3. Never pay anyone who claims to be able to “erase” your personal details from leaked data. Unfortunately the information is already out there, and multiple copies of that information exist.