With just days until the EU General Data Protection Regulation (GDPR) is enforced, many organizations are updating their privacy policies and emailing customers to ensure they are aware of the changes. Cyber criminals are taking advantage of this through GDPR-related phishing scams.
Tim Helming, director of product management at DomainTools, said:
As consumers receive more and more legitimate emails from brands engaging with best practices in advance of GDPR, it only follows as logical (and somewhat ironic) that scammers would take advantage of this. Phishers thrive on a lack of caution from their targets, so masking a scam as part of a legitimate flurry of emails comes as no surprise.
[U]sers who receive a GDPR email should be aware that personal details or credit card information should not be handed over, in any scenario, as part of an organisation moving towards a GDPR compliant policy.
How can I detect a phishing email?
There are a number of ways to spot a phishing email. They are often sent from an unfamiliar email address, badly written, and contain links or attachments that you are urged to open.
If you have any doubts about the legitimacy of an email, do not click any of the links. Hovering your mouse over the link or address will reveal the linked site’s true URL. These URLs can be slightly misspelled or completely different to what you were expecting, so always double-check before you click.
If you are still unsure, contact the company or individual using the details you already have for them and log in to any accounts from a separate browser. Never use the contact details provided in the email.
Phishing attacks are becoming increasingly sophisticated, and the lack of basic knowledge about them only increases their success. It is therefore vital that people know how to identify and respond to a phishing attack.