GDPR Phishing Scams

June 15, 2018

An ironic and unintended consequence of the recently implemented General Data Protection Regulation (GDPR) is an influx of phishing emails that cite GDPR as the primary reason for the communication, sent by cybercriminals to steal credentials.

On May 25th of this year, GDPR, a legal framework passed by the European Parliament, went into effect in the European Union (EU). GDPR is a data protection and privacy law that applies to all natural persons who are alive and physically within the European Union when data is collected.

The stated goal of GDPR is to give citizens and residents control of their online data; thus, users must provide consent to participate in any services that collect data. Consent is frequently provided through updated end-user agreements, often sent through email.

However, be aware of the following to avoid falling prey to a phishing email.

  • Legitimate emails will never request personal or financial data (passwords, credit card numbers, banking information).
  • Be suspicious of any unsolicited email asking you to click or follow a link.  Hover the mouse over the link to ensure the link does not direct to another location.
  • Be cautious when receiving an unsolicited attachment, especially from a sender you do not recognize.  Take the time to contact the sender to ensure the attachment is legitimate.
  • Communicate personal information only via phone or secure websites - but do not divulge personal information over the phone unless you initiate the call.
  • Protect your computer with a firewall and anti-virus software.  Always ensure your anti-virus software is up to date.