WATCH ABOVE: Toronto Police urging those who are getting extortion messages from Ashley Madison hack not to pay
TORONTO – The Ashley Madison data leak has stirred up a lot of trouble. Not only have the leaks exposed millions of users’ potential desire for infidelity, but spread their personal information – including credit card details – all over the web.
But now there is a bigger problem stemming from these data leaks – criminals are capitalizing on the incident to try to extort people and spread malicious software.
Toronto Police confirmed Monday a number of Ashley Madison users have been contacted by scam artists who threatened to share their profile information with friends, family and even employers unless they hand over money.
“If you would like to prevent me from sharing this dirt with all of your friends and family (and perhaps even your employer too?) then you need to send exactly 1.05 Bitcoins to the following address,” said an email dated Aug. 23 directed at a client released by Toronto police on Monday.
Police say the Bitcoin amount is equal to around $300 Canadian.
Websites that promise to provide access to the leaked client names, but instead deliver malware, have also popped up.
As with any sort of data leak, it’s important to remember that criminals will always use these opportunities to capitalize on those who might be affected. But you could still be targeted even if you weren’t an Ashley Madison user.
Here are some best practices when it comes to recognizing and avoiding phishing scams:
One of the most common ways that phishing scams will try to fool you is by using official company logos or insignias. In some cases, the email address or web address may look close to the company’s name, but is slightly altered or off by a letter.
Scammers will also try to set up email accounts that look like official accounts. For example, according to an email forwarded to Global News, one of the Ashley Madison scam emails appears to be coming from the email address email@example.com.
This tip is especially important: Never click on a link included in a suspicious email.
Often attackers will use a legitimate web address in the hyperlinked text of the email, but once you click on the link it takes you to a malicious website.
But, if you hover your mouse over the link – without clicking on it – a small yellow box will appear showing the actual web address the link will take you to. If the link doesn’t match the hyperlinked text, it’s likely malicious.
Note: In some browsers, like Google Chrome, the yellow box will appear in the bottom left hand side of the window instead of directly below the link.
As phishing scams become more sophisticated and harder to spot right away, it’s best to be proactive when it comes to online security.
This means making sure your web browser software is up to date, ensuring that its security features are protecting you against the latest discovered vulnerabilities. This means you should use a browser that has good security functions.
READ MORE: How to protect your computer from malware
Google Chrome, for example, uses two main security features – the Safe Browsing API site list, as well as a feature that confines infectious programs to the open browser page, preventing the virus from spreading to the computer, if the user comes across a dangerous site.
You should also use some sort of anti-virus software on your computer.
Because the Ashley Madison data leaks are currently under investigation, police are asking that the public report any possible scams or incidents of extortion to their local authorities.
Toronto Police have also set up a dedicated social media and outreach channel to the Ashley Madison investigation. You can contact the investigative team at (416) 808-2040, or send them a direct message on Twitter at @AMcaseTPS.
Remember: If you receive an email asking for money in exchange for having your Ashley Madison details deleted, it’s nothing more than a scam.
As Toronto Police pointed out, the database containing leaked account information has been spread all over the Internet, which means it’s very unlikely the record of that account could ever be erased completely.
© 2015 Shaw Media