Xenace Logo
Call Us: 0333 444 44 02
Email: info@xenace.com
  • Home
  • Blog
  • Watch Out For GDPR Related Phishing Scams

Watch Out For GDPR Related Phishing Scams

We are 9 days away from the GDPR deadline and as we are all receiving an abundance of e-mails to confirm user agreement to new privacy policies, cyber-criminals are using this opportunity to encourage you to fall for a phishing scam.

<< What is GDPR? >>

Why would I fall for this type of phishing e-mail?

There are two main reasons that you will be more likely to click on a phishing e-mail in this period. Firstly, you will be receiving a lot of GDPR related e-mails anyway so you will not think twice about clicking on them. Secondly, some websites or companies will not be able to give you access to their services until you accept their new GDPR-compliant terms and conditions. Therefore, cyber-criminals can use social engineering to make you click on a link or open an attachment out of panic.

<< See our blog post all about social engineering here >>

What should I look out for?

The most high-profile example of this type of phishing e-mail is from a cyber-criminal posing as Airbnb. The e-mail requests that you click a link to accept a new privacy policy then leads you to a page where you are asked to fill out some personal information.

Before clicking on any link or attachment to an e-mail, and especially before filling out any personal data make sure that:

  • The e-mail address is legitimate. Look out for spelling mistakes or inconsistencies with other e-mails you have received from that company, for example, the Airbnb scam used the e-mail ‘@mail.airbnb.work’ rather than the official ‘@Airbnb.com’.
  • Check for spelling mistakes generally in the e-mail you have been sent, this is an easy tell-tale sign between a legitimate e-mail and a fake one. Also for logos or company signatures that do not look official.
  • Think before you act, is there a reason for you to provide the company with your credit card details when you are just accepting a new privacy policy? If in doubt go to the company website and e-mail their general e-mail address to double check the e-mail is legitimate, or if there is a number you can call this is the best way to ensure you speak directly to the company and your e-mail is not intercepted.

It is ironic that the very policy being put in place to protect data is being used by cyber-criminals to steal user's data. However, it is good to be aware that cyber-criminals will use any excuse to encourage users to fall victim to their scams and a nation-wide event like GDPR is a great proviso for them to use. If you are worried about your company falling victim to phishing scams then please get in touch with us. We have a product called Phishwise that provides an online training platform for businesses to first assess how vulnerable their business is to phishing attacks, then to educate their employees about phishing. 


Latest Tweets
Contact Details
  • London (Head Office)
    71-75 Shelton Street
    Covent Garden
    London, WC2H 9JQ
  • Phone: 0203 890 5533
  • Essex Office
    North Colchester Business Centre
    340 The Crescent, Colchester
    Essex, CO4 9AD
  • Phone: 01206 911 363
  • Kent Office
    Media House, 99-101 High Street
    Orpington
    Kent, BR6 0LG
  • Phone: 01689 493 366
  • Email: info@xenace.com
  • Monday - Friday: 8:30 am - 6:00 pm
    Saturday - Sunday: Closed
Get in Touch
© 2019 Xenace Ltd. Terms & Conditions | Privacy Policy