Gdpr-related phishing scams
What’s the threat?
Cyber-criminals are sending fake Gdpr-related emails hoping to trick people into revealing personal data. Implemented on 25 May, GDPR (General Data Protection Regulation) is major Eu-wide legislation that gives you more say about how and where your data is used.
To comply with the law, companies are emailing customers asking them to ‘re-consent’ to receive further messages. Fraudsters are exploiting this to send emails pretending to be a company’s official request for reconsent. They urge customers to click links then submit personal details.
In one scam, spotted by UK security company Redscan, customers of property-rental service Airbnb are told they couldn’t take any more bookings until they accept its new privacy policy. It adds that the changes are “mandatory because of the new changes in the EU digital privacy legislation”. The emails were sent from the fake address @mail. airbnb.work, which looks similar to the real @airbnb.com.
Mark Nicholls, Redscan’s director of cyber-security, said: “The irony won’t be lost on anyone that cyber-criminals are exploiting the arrival of new data protection regulations to steal people’s data”.
How can you stay safe?
It won’t be easy because many companies, big and small, will be sending official emails. Scammers know that customers will be expecting them, and are ready to pounce with their own fake emails. Telling them apart is harder than ever because criminals are getting better at making scams look legitimate. Look at the image above, showing real and fake Airbnb emails: both are well written, and both use the correct logo.
If in doubt, check the sender’s email address, then compare it with previous messages you’ve received. You could also phone the company to ask whether the email is real.