GDPR Phishing Attacks – We Saw it Coming after the Law Passed
04 Jun , 2018
The EU GDPR (General Data Protection Regulations) are here and cyber criminals are already prepared to launch new attacks against people while the media focuses on the new laws.
Since GDPR is new and people are unaware of it, cyber criminals have already started sending out phishing emails that are similar to GDPR emails.
The latest attack was targeted towards the customers of NatWest Bank by sending them malicious messages and getting their information.
As GDPR is launched, most companies have updated their privacy policies and they are informing their customers about it. This is the perfect moment for cyber criminals to attack.
As you might already know, phishing is a social engineering attack wherein the attacker creates a message or a website that looks genuine but is actually designed to get important information about their victims.
Real and Fake GDPR Email- The Difference
According to the particulars in the GDPR, companies are compelled to inform their customers about policy changes. So you might have been receiving emails about policy updates. However, these emails will only inform you about the changes and will not ask for your personal or financial information.
If you receive an email that claims to be a policy update but needs some input from your side (especially if it’s your information), it’s an obvious fake.
So, you can say that there is a stark distinction between the two and the informed user can spot it rather easily.
How Are GDPR Phishing Scams Perpetrated and How Can You Avoid Them?
Phishing scams have long used the method of impersonation to con people out of their money and vital information. GDPR is just another moment that crooks want to exploit.
This is done with a methodical approach which involves impersonating a tech giant like Google or Apple. The email you receive might include the company logo to trick you into thinking that the email is genuine. Keep in mind that copying a company logo and placing it in the email is really easy. Just because an email contains a company logo, it doesn’t make it genuine.
How to spot a fake email? Pay attention to its language. Despite the fact that scammers can use effective and authentic language, they generally fail to reach the level of professionalism found in genuine emails from big companies. This is a sure giveaway that the source of the email is not authentic.
Furthermore, you can check the actual content of the email and determine its intent. No genuine company rep will ever ask you for your personal information over the electronic medium. So, if the email asks you to provide personal information, you should be alarmed.
What Conclusion Should the Cautious Individual Draw from GDPR Phishing Scams?
Scams are nothing new to the digital landscape. With the increase in tech security and overall knowledge of these tactics, successful scams should be decreasing. However, the novelty and variety of ways in which you could be subjected to attacks are increasing. Keep in mind that most scams can be avoided by just staying vigilant.
Don’t simply trust any email you get. This especially applies to the emails that request information from you.
Make sure you avoid phishing and your company stays updated about GDPR. Non-compliance can cost your organization up to €20 million! For more details on GDPR, click here.