The following is a Phishing Scam Alert from the KnowBe4 blog regarding the Ashley Madison breach, and while it is making 35 million+ people very nervous, it is important as a business owner or IT admin to educate your network’s users how the breach can cause some serious issues in IT environments (let alone marriages). Phishers are taking advantage of this breach by creating bogus sites and claiming that people can find out if their spouse is on the cheating list, only to fall victim to a scam. Read on:
Your end-users saw this in the news yesterday, or will read about it today. The hackers who stole more than 36 million records from the Ashley Madison site (which makes it easy to cheat on your spouse), have now posted all the records for everyone to see. This is a bad one.
Cyber criminals are going to leverage this event in a lot of different ways: (spear-) phishing attacks, bogus websites where you can “check if your spouse is cheating on you”, or ways to find out if your own extramarital affair has come out.
Any of these 36 million registered users are now a target for a multitude of social engineering attacks. People that have (had) straight or gay extramarital affairs can be made to click on links in emails that threaten to out them.
I have already seen phishing emails that claim people can go to a website to find out if their private data has been released. This is a nightmare that will be exploited by spammers, phishers and blackmailers who are now gleefully rubbing their hands, let alone the divorce lawyers and private investigators that are pouring over the data now.
What To Do About It
I suggest that you take immediate preventive action. It only takes one second for a worried end-user (or admin) to click on a link in an email and expose the network to attackers. I recommend you send something like this to your friends, family and end-users. Feel free to edit.
“Yesterday 36 million names, addresses and phone numbers of registered users at the Ashley Madison site (which makes it easy to cheat on your spouse) were posted on the Internet. All these records are now out in the open, exposing highly sensitive personal information.
Internet criminals are going to exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages which slip through spam filters that have anything to do with Ashley Madison, or that refer to cheating spouses and delete them immediately, in the office or at the house.”
Please forward this to friends, family, colleagues and peers.
As you can see, stepping your users through effective security awareness training is an absolute must these days.
Great Lakes Computer is your trusted source for IT Support and IT Security. We will work with you to ensure the right tools are in place on your network for maximum security, and assist in educating your employees on security awareness.