
How to Protect Yourself From GDPR-Related Phishing Scams

May 4, 2018 by Megan Sawle

Fourteen emails. That’s the number of GDPR policy notification emails I’ve received in the past few weeks. The EU’s General Data Protection Regulation (GDPR) compliance deadline is May 25, requiring companies around the world to notify their contacts about data privacy changes under this new rule.

While this outreach is essential (Article 7 of GDPR requires data processors to “demonstrate that the data subject has consented to processing of his or her personal data”), this flood of email communications offers hackers a timely opportunity to spread malware and/or harvest sensitive data.

Redscan, a threat detection and response firm working out of the UK, reported the first known GDPR-related phishing scam just this week. In this scam, hackers pose as Airbnb’s customer support team. The email asks customers to update their personal information by (surprise!) clicking a link in the email. The email looks like this:

[Screenshot of the phishing email. Source: Redscan]

As you can see, the email is convincing. The Airbnb logo adds legitimacy, and like so many other emails sent recently, it cites GDPR as the reason for the outreach.

Unfortunately, security policy acceptance scams are not new. What’s particularly dangerous about this new strain of GDPR-related scams is how well they can hide in the dozens of other legitimate policy acceptance emails we receive each week.

Educating yourself, your coworkers and your family about how to detect phishing emails is one of the best ways to keep your data safe from attacks. Fortunately, protecting yourself from this new threat is simple: Instead of clicking on any GDPR policy-related links, navigate to the sender’s website yourself and review and accept changes directly on their website.



Megan Sawle is a communications and research professional with 10 years of experience in cybersecurity, bioscience and higher education. Megan leads Infosec’s research strategy, leveraging study findings to mature its cybersecurity education offerings and build awareness of cybersecurity diversity and skill shortage challenges. Since joining the team, she’s directed research projects on a wide variety of cybersecurity topics ranging from dark web marketplaces and phishing kits to the Workforce Framework for Cybersecurity (NICE Framework) and the importance of soft skills in cybersecurity roles. Megan is a University of Wisconsin-Stout graduate, an avid equestrian and (very) amateur mycologist.