GDPR Phishing Scams – A Novel Trap to Scoop up Information

General Data Protection Regulation (GDPR), an EU regulation comes into force on 25 May 2018 and aims to provide users with more control over their online data. 

It is ironic that the aim of GDPR is violated by the scammers in an unexpected way i.e. GDPR phishing scams. 

What are GDPR phishing scams?

To comply with the GDPR requirements, organizations send emails to customers to ask permission to use or retain their data. If customers give their consent, organizations keep those customers on the mailing lists. It was streamlined before the cybercriminal opportunists emerged. They take advantage of the deluge of GDPR emails and arrive in the inboxes of naive customers. Flood of messages is sent from the websites where customers have registered themselves previously and are supposed to resend a consent via email. From there web scraped emails, the personal details are stolen and used in malevolent activities. Criminals trick consumers through such phishing emails and grab credit card details, passwords, and personal information. 

EU GDPR regulation is applicable to all EU residents. They are supposed to strictly follow the GDPR requirements, therefore the emails are sent by the companies far and wide. Scammers use these emails to fool the customers. A large number of phishing scams have surfaced in the past few months. The regulation whose purpose is to secure the data of online users has turned turtle and became the trick to violate privacy. 

Apple Phishing Scam

Phishers impersonate reputable companies and familiar brands because there are higher chances that the recipients will respond to the emails from such email addresses or they would definitely have registered at such websites. Apple is one of those famous brands. 

The attackers sent GDPR phishing emails to users and asked to log in to a fake Apple site. These emails appear as if they belong to a legitimate Apple website and fool the victims by saying, ‘due to unusual circumstances, their account has been limited and need to update the credit card credentials’. At the end of the email, a link is given and when a click stroke is done, it is redirected to a website that seems a real website but is actually a phishing attack. Once the user enters the account credentials, the Apple account is taken over by the attacker where they find all the possible personal and financial information of the user. At the time victims report against the website, the fake website was offline which gets hard to track. 

Airbnb Phishing Scam

The GDPR email phishing scams are predominantly targeting the email addresses of well-known companies. Airbnb has also been subjected to these attacks. After the GDPR compliance requirements, Airbnb started sending legitimate emails to its customers to comply with the policies. Fraudsters took advantage of these emails and send phishing emails to Airbnb users. It seems that email is from a customer support office of Airbnb but these are actually the fraudulent messages whose aim is to steal the customer data for illegal purposes. These sophisticated emails had different URLs, grammar mistakes, spelling mistakes, threatening language and request to update the credentials. After such phishing incidents, Airbnb asked its customer community to verify these emails if they look suspicious.

These two main scams have come onto the surface which explicitly delineates the email malware which is fooling the customers of trusted brands. More such cases can also appear in the future that can directly or indirectly affect the lives of people and organizational reputations. Therefore, such brazen attempts and ransomware attacks should be curbed by logging into the official websites to verify request emails.