Watch Out For GDPR Related Phishing Scams
We are 9 days away from the GDPR deadline and as we are all receiving an abundance of e-mails to confirm user agreement to new privacy policies, cyber-criminals are using this opportunity to encourage you to fall for a phishing scam.
<< What is GDPR? >>
Why would I fall for this type of phishing e-mail?
There are two main reasons that you will be more likely to click on a phishing e-mail in this period. Firstly, you will be receiving a lot of GDPR related e-mails anyway so you will not think twice about clicking on them. Secondly, some websites or companies will not be able to give you access to their services until you accept their new GDPR-compliant terms and conditions. Therefore, cyber-criminals can use social engineering to make you click on a link or open an attachment out of panic.
What should I look out for?
Before clicking on any link or attachment to an e-mail, and especially before filling out any personal data make sure that:
- The e-mail address is legitimate. Look out for spelling mistakes or inconsistencies with other e-mails you have received from that company, for example, the Airbnb scam used the e-mail ‘@mail.airbnb.work’ rather than the official ‘@Airbnb.com’.
- Check for spelling mistakes generally in the e-mail you have been sent, this is an easy tell-tale sign between a legitimate e-mail and a fake one. Also for logos or company signatures that do not look official.
It is ironic that the very policy being put in place to protect data is being used by cyber-criminals to steal user's data. However, it is good to be aware that cyber-criminals will use any excuse to encourage users to fall victim to their scams and a nation-wide event like GDPR is a great proviso for them to use. If you are worried about your company falling victim to phishing scams then please get in touch with us. We have a product called Phishwise that provides an online training platform for businesses to first assess how vulnerable their business is to phishing attacks, then to educate their employees about phishing.