Hook, Line and Sinker – the GDPR saga

Apr 30, 2018 | Security-GRC | 0 comments

The GDPR deadline is quickly approaching and it rapidly turned into a scramble for most companies that need to get compliant quick. With nearly 90% of companies changing their privacy policies and hoping to avoid any type of GDPR penalties, you’re probably noticing a lot more emails.

Something you might not be aware of – cyber creeps, also known as hackers, are seizing the moment by sending out emails of their own. Phishing emails. And big companies are taking the bait.

Airbnb customers recently fell hook, line, and sinker for some GDPR scammy emails.

Here’s how it happened:

The cyber creeps are targeting business emails supposedly sent from Airbnb’s customer support line. The email is asking users to update their credit card information because they aren’t “GDPR compliant”. Included in this email is a link to “new privacy policy” regulations. But beware, clicking that link only takes you further down the path of destruction.

Once the link is clicked, you’re asked to enter in all your personal information, including financial credentials and payment card information. If you entered this information, you can expect to see your identifiable information on the black market.

Avoid being the next big catch.

Here’s how to protect yourself and your users from GDPR-related phishing scams:

  1. Implement a threat detection program or make sure yours is up to date so you can catch these things early.
  2. Education is a powerful weapon. Make sure you and your users are aware of standard phishing scam protocol. Do not click on links in emails, or open suspicious attachments that claim to be any kind of problem with “GDPR”.
  3. If you haven’t developed a security awareness training program for your company yet. There’s no time like the present. Ask us for help! We’ve helped companies anywhere from implementing a security training platform to developing a completely custom program.
  4. If you’ve received any of these emails make sure to forward them to Airbnb so they can continue their investigation. Their Trust and Safety team is on it: report.phishing@airbnb.com

Don’t wait for the bait, make sure your users are safe with a proactive approach. And if you have other concerns about GDPR or security awareness training drop us a line: sales@asmgi.com

<script type="text/javascript" src="//platform.linkedin.com/in.js"></script><script type="in/share" data-counter="top"></script> <a href="https://twitter.com/share" class="twitter-share-button" data-via="ASMGi_CLE">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^https:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>

Navigate the blog