Attackers know that companies are sending a lot of emails to customers about GDPR, and that makes those emails a prime opportunity for phishing attacks.
With the May 25 GDPR deadline almost here, people are receiving emails from companies changing their data privacy policies, and cyber crime is having a field day. Just one example is a set of phishing attacks made to look like they come from Airbnb, according to research from Redscan.
Their research began after an email supposedly sent from Airbnb's customer support line was found to be a phishing attack asking users to update their personal information, such as credit card information, because they were not "GDPR compliant".
The fake Airbnb notification used a spoofed address like "@mail.airbnb.work". Airbnb is taking action and has its Trust and Safety team investigating this campaign.
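The lure described above combines a brand name placed inside a domain the brand does not own with GDPR wording and a request for card details. The sketch below is an added example (not code from Redscan, Airbnb or KnowBe4) of a mail-triage heuristic for that combination; the `airbnb.com` allowlist entry, the sample messages and all function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand really sends from; build yours from mail logs.
BRAND_DOMAINS = {"airbnb": {"airbnb.com"}}
LURE = re.compile(r"\bGDPR\b|General Data Protection Regulation", re.I)
ASKS = re.compile(r"credit card|update your (personal )?information", re.I)

# Constructed samples; only the "@mail.airbnb.work" domain comes from the article.
PHISH = """From: "Airbnb Support" <support@mail.airbnb.work>
Subject: Action required: your account is not GDPR compliant

Please update your personal information and credit card details.
"""
BENIGN = """From: Airbnb <no-reply@email.airbnb.com>
Subject: Updates to our Privacy Policy

We have updated our Privacy Policy ahead of the GDPR. No action is needed.
"""

def sender_domain(msg):
    """Lower-cased domain of the From: address ('' if it cannot be parsed)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def brand_lookalike(domain):
    """Brand named in a label of `domain` that does not own `domain`, else None."""
    for brand, legit in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in legit)
        if not owned and any(brand in label for label in domain.split(".")):
            return brand
    return None

def triage(raw):
    """Return (verdict, reasons) for one raw, single-part message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    brand = brand_lookalike(sender_domain(msg))
    reasons = [f"sender domain imitates {brand}"] if brand else []
    if LURE.search(text):
        reasons.append("GDPR-themed wording")
    if ASKS.search(text):
        reasons.append("asks for personal or payment data")
    if brand and len(reasons) >= 2:
        return "quarantine", reasons
    return ("review" if brand or len(reasons) == 2 else "deliver"), reasons
```

A genuine privacy-policy notice also mentions GDPR, so the wording alone never raises the verdict; the sender-domain check is what separates the two samples.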
Expect other, similar campaigns to hit the wires in the next few weeks. (You need to train your employees regarding GDPR by the way, please read: We're Still Not Ready for GDPR? What is Wrong With Us?)
In the meantime, I suggest you send this email to your employees, friends and family. Feel free to copy/paste/edit:
There is yet another email scam you need to watch out for. A new European data privacy regulation is going into effect May 25th. It's called the General Data Protection Regulation (GDPR), and bad guys are using it as bait, claiming you're not compliant and you are violating this new regulation.
Do not click on links in emails, or open suspicious attachments, that claim any kind of problem with "GDPR". Delete the email, or click on the Phish Alert Button to forward it to IT and delete it from your inbox.
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc