As a result, we’re all up to our elbows in these emails. One unfortunate and ironic side effect is that it’s created an opportunity for hackers to launch GDPR phishing scams.
How Do the GDPR Phishing Scams Work?
Most likely, the hacker will try to get you to click on a malicious link or glean important information from you.
Cybersecurity firm Redscan uncovered these GDPR phishing scams when they noticed an email that allegedly came from Airbnb.
Clicking on the hyperlink brings you to a page that prompts you to enter personal information, including account credentials and payment information.
But don’t depend on finding red flags after clicking a hyperlink. Redscan said it well:
“In the case of the Airbnb scam email, hackers were attempting to harvest credentials. Attack vectors do vary however and it’s possible that other attacks may attempt to infect hosts with keyloggers or ransomware, for example.”
Airbnb has had an admirable response to the news:
“These emails are a brazen attempt at using our trusted brand to try and steal user’s details, and have nothing to do with Airbnb. We’d encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on [email protected], who will fully investigate.”
They also provided a webpage fully dedicated to informing users on how to identify phishing emails.
What IT Pros Can Do
If you work on a cybersecurity team, make yourself a resource for your users. Let them know to expect GDPR phishing scams and what red flags they should look for. Offer your guidance if they’re ever unsure whether an email is legitimate.
This simple step can save your organization from a breach, but it can even help your users when they’re dealing with their personal inboxes. What better way to foster a good relationship with your users?
For more information on GDPR, check out some of our related articles:
- Three GDPR Requirements That Will Have a Big Impact on Your Organization
- GDPR Compliance, the Supervisory Authority, and How Much Money a Fine Could Cost
- Data Retention: Leveraging NetFlow/IPFIX to Meet Your Compliance Needs