You may want to think twice before trying to see if someone you know was on the list of Ashley Madison users.
Hackers and spammers have been taking advantage of the high-profile breach to target people searching for the infamous list of leaked Ashley Madison users. And let’s be honest, we all went looking for that list.
But by hunting for this information, you may be putting yourself at risk, Troy Gill, a researcher at the email and web security firm AppRiver, told Tech Insider.
“There’s been a tremendous amount of people going out and trying to find out if anyone they know was on the list,” Gill said.
“You are depending on an internet search that is very popular and you could be going to a website that is not particularly a trusted website, because most legitimate websites aren’t going to put stolen data on their page. The fact that it’s stolen data kind of pushes it out to a lower tier of trust.”
Gill said his company has spotted at least one spam campaign that shows up in people's inboxes as an email from CBS News.
The email states that there is now a searchable list of all of the published data and then presents a link to access the list. However, the link takes a user instead to a shady background check website where they must first enter their credit card number.
Gill said the spammers likely aim to get the credit card data and other personal information so they can charge them monthly for a service that provides information that is easily searchable online.
While this particular campaign may be more obvious, other spamming campaigns are not.
Symantec Security points out that just by opening an attachment in one of these emails, your computer could become infected with malware that could result in your computer being taken over by hackers.
Links in these emails could also be dangerous: They could lead to websites that seek to exploit vulnerabilities in your computer’s software so that hackers can get in and do more damage.
Symantec Security said since the August 18 leak they have blocked thousands of spam emails from domains with Ashley Madison in the “to” and “from” fields. They have also blocked a growing number of emails with subject lines like “How to check if your email is part of Ashley Madison’s hack” and “Ashley Madison Hack.”
There’s also been reported cases of criminals blackmailing people who had their email and other personal information leaked by the hackers. Gill said his firm has uncovered messages that seek to extort individuals by mailing a letter to their home address outlining their activities on the site unless they pay two bitcoins or the equivalent of $450.
