Ashley Madison users continue to receive blackmail months after hack

The Ashley Madison hack may be months behind us, but those who used the site are still being targeted with blackmail and threats of exposure.

Security researcher Graham Cluley said he continues to receive a “steady stream” of emails from Ashley Madison users who are worried that their membership to the site may be exposed to their friends and family.

Some users have reportedly been receiving physical letters – sent to their home addresses – claiming their membership information will be handed over to family and friends unless they hand over thousands of dollars.

READ MORE: Leaked data shows popular Ashley Madison passwords were terrible

But Cluley maintains that these scammers are just trying their luck – hoping someone will pay up out of fear.

“I can understand how it would be distressing for Ashley Madison members to receive a letter like that through the post, but I’m strongly of the opinion that – in the majority of cases – blackmailers are trying their luck, hoping that a small percentage of those targeted will pay up,” the security expert wrote on his blog.

“If they tell people close to you then they are ruining any chances that you will ever pay up. Think of it from their point of view. It’s a dumb business model.”

Ashley Madison users have been prime targets for scammers since news of the data breach broke in August.

READ MORE: Ashley Madison data leaks – what to do if online scammers target you

Shortly after the breach was made public, Toronto Police confirmed a number of Ashley Madison users have been contacted by scam artists who asked for money in exchange for silence.

Websites that promised to provide access to the leaked client names, but instead deliver malware, also popped up.

As with any sort of data leak, it’s important to remember that criminals will always use these opportunities to capitalize on those who might be affected. But you could still be targeted even if you weren’t an Ashley Madison user.

Here are some best practices when it comes to recognizing and avoiding online scams via email:

Don’t be fooled by official logos

One of the most common ways that phishing scams will try to fool you is by using official company logos or insignias. In some cases, the email address or web address may look close to the company’s name, but is slightly altered or off by a letter.

Scammers will also try to set up email accounts that look like official accounts. According to an email forwarded to Global News, one of the Ashley Madison scam emails appears to be sent from ash@ashleymadisondata.info.

Check links before you click on them

This tip is especially important: Never click on a link included in a suspicious email.

Often attackers will use a legitimate web address in the hyperlinked text of the email, but once you click on the link it takes you to a malicious website.

But, if you hover your mouse over the link – without clicking on it – a small yellow box will appear showing the actual web address the link will take you to. If the link doesn’t match the hyperlinked text, it’s likely malicious.

View image in full screen

Be proactive

As phishing scams become more sophisticated and harder to spot right away, it’s best to be proactive when it comes to online security.

This means making sure your web browser software is up to date, ensuring that its security features are protecting you against the latest discovered vulnerabilities. This means you should use a browser that has good security functions.

READ MORE: How to protect your computer from malware

Google Chrome, for example, uses two main security features – the Safe Browsing API site list, as well as a feature that confines infectious programs to the open browser page, preventing the virus from spreading to the computer, if the user comes across a dangerous site.

You should also use some sort of anti-virus software on your computer.