Fake Ashley Madison Phishing Campaigns Could Be Putting Your Company at Major Risk
Earlier this summer, the Ashley Madison hack released the data of a total of 36 million users who had registered on the “dating” site, which connects people who are looking to have an affair.
In the wake of the data release, several websites have sprung up, claiming that you can see if someone you know has had their data released on Ashley Madison by simply entering the email address of the person in question.
But unfortunately, according to CSO online, many of the sites are malware in disguise, looking to hack into your data.
Ashley Madison phishing campaigns are offering client lists. But upon giving them an email address, they gain access to your data, locking it unless you pay a the price of a single bitcoin — amounting to a total of $236.
And for those searching the faux phishing sites at work, your curiosity could indeed kill the proverbial cat, and cost your company — big time.
In their quest to discover the truth, many users are searching at work or are using their work emails. What’s worse, many employees of companies used the same emails for Ashley Madison as their place of employment, putting their companies at serious risk of malware attack.
“An alarming majority of employees don’t understand the security risks of their behavior,” said Darren Guccione, CEO and Co-founder at Chicago-based Keeper Security, Inc in an interview with CSO News.
Malware threats aren’t necessarily news. In fact, in 2012, there were approximately 82,000 new malware threats each day.
As part of the hacking campaigns floating around the internet, many Ashley Madison users are shelling out big bucks to erase their emails, even though it is virtually impossible to erase your fingerprint from the world wide web.
In order to protect yourself and your place of employment, CSO News recommends that employees should change their passwords regularly in order to avoid hacking of all kind. Additionally, it’s important to block any and all emails regarding Ashley Madison.
And to test an employee’s ability to judge a phishing campaign, companies should employ training programs that include mock phishing campaigns.