Spammers thrive on two things: large lists of victims (i.e. email addresses), and data to exploit them with. The recent breach of the cheaters' dating web site Ashley Madison provides both, and in great quantity. Spammers have wasted no time in exploiting these victims with a variety of new campaigns.
Cloudmark reported on a blackmailing scheme recently, in which spammers target Ashley Madison users with a threat to reveal their participation in the site to family members unless a bribe is paid. Not to be out-done, we searched our own logs and discovered an entirely different type of scam: a new web site, ashleymadison-repair.com, which fraudulently promotes a removal service that can purportedly remove all traces that someone participated in Ashley Madison. The site even provides a helpful price table with a schedule of the specific services they offer:
We have noticed a significant up-tick in email subjects mentioning Ashley Madison. Here's a chart showing the trend since early July. The breach happened on July 15th, after which there was an immediate bump in email mostly sharing news stories about the breach. More recently, we've seen a spike that correlates with abuse of Ashley Madison users for extortion and fraud as described above.
Today, we saw a spam run promoting ashleymadison-repair.com. Subject lines were of the form: "YOUR NAME - Remove your Ashley Madison data from the Internet now! XX:XX:XX PM". If you happen to receive a message like this, rest assured visiting the site and paying money to have your data removed will have no effect other than reducing the bank balance you might need to defend yourself in divorce court.