Help! GDPR or Phishing Mail?

The GDPR is almost upon us! Thanks to countless mails everyone – including you, your parents, your dog and yes, even cybercriminals – will have a hard time missing it. The latter is why you should be extremely careful nowadays when it comes to what kind of links you actually open in your mails.

GDPR – The new Regulation

Lately, you might have noticed more and more mails with subjects like “[Action required] Opt-in to stay in touch” or “We’re updating our Privacy Policy”. You’re getting them because on May 25th 2018 the new GDPR, the General Data Protection Regulation, will become enforceable and companies are scrambling to comply.

Cybercriminals hop on the trend

Generally, cybercriminals want the same thing a reputable company wants: your data. The intention is a completely different one though. Whereas companies want to advertise and track users when it comes to what they buy when, how, and why, the bad guys only want one thing: Access to your accounts and – if possible – to your credit card and banking information as well. And let’s be honest, there is no easier way to get those than to just hop on the surge of mails everyone is getting concerning the GDPR right now.

Beware of links in mails

The fake mails you’ll get from cybercriminals are very similar to those of legitimate companies. They claim that they only sent you the mail because of the GDPR – just as in the real mails – and ask you to click on a link. Sounds legit so far, right? But instead of sending you to an updated privacy policy or newsletter confirmation link, you’ll download malware or be asked to log into your account in order to check your details and correct “wrong” information ASAP. In some cases, the mails even claim that your account might get suspended if you do not hurry! This, of course, is all part of the plan: The more you are afraid to lose your account and rush to save it, the less likely you are to notice that something is awry. That the pages you’ll then log into are only there to steal your data should be crystal clear by now.

[Image: GDPR - Phishing Mail Airbnb. Source: Redscan]

Apple, PayPal, and Airbnb users especially need to be careful, as there have been lots of phishing cases reported for the three companies, but in the end no one is safe when it comes to scam mails. If you see a mail like the one above, make sure to delete it and do not click on any links.

Three tips to stay safe from phishing mails

1: Take a very close look

Most of the time a scam mail can be identified rather fast thanks to some easy pointers. Are you addressed generically? Are you being rushed into taking some kind of action? Are there a lot of spelling mistakes? Those are all signs that should make you cautious, since the authors of the mail were most likely cybercriminals and don’t want what’s best for you.

2: Important: Don’t click!

As long as the phishing mail is just sitting in your inbox nothing negative has happened – the issues only start once you click on the links in the mail. So make sure to think and investigate before you click.

3: Take a closer look at the URL

Before you click on any link that’s presented to you in a mail, take a close look because you might find some pointers that indicate foul play. Does the link look like the real one but with a spelling mistake? That’s not a lapse at all: The closer the mail resembles the original, the more likely you are to miss the mistake and click on it.

PR & Social Media Manager @ Avira | Gamer. Geek. Tech addict.