Warning: GDPR Phishing Scams Spotted! - Assent Risk Management

Hackers have been creating fake GDPR-related privacy notice emails to mislead targets into handing over personal data, including credit card information.

With GDPR being a hot topic, businesses and individuals have been receiving voluminous genuine privacy notice emails from brands and organisations, who are acting upon best practice before the GDPR deadline: 25th May 2018. You have probably received a few yourself! Hackers have taken advantage of the GDPR build-up, disguising themselves as reputable companies and requesting personal information.

What do the fake emails look like? How can I tell the difference?

It’s important to understand that legitimate GDPR privacy emails shouldn’t be requesting any personal details from you – GDPR is centred around protecting personal information so to ask for it outright is quite ironic!

Cyber criminals will most likely insert a link in their scam emails, which will ask you to log in to your account, disclosing personal data in the process. If you receive something along these lines, log into the official website through a new webpage and change any details, this way you can be assured you haven’t fallen into a trap.

Other important things to look out for in phishing emails include suspicious email addresses, branding inconsistencies and spelling/grammar mistakes. Take into consideration these points when checking emails on your mobile, the sender details can be hidden or not shown fully. Here we have an example of a recent phishing attempt on Assent and how we tackled it.

Please note that not all phishing attempts occur over email – there have been instances where scammers have phoned up their victims and requested personal information. Therefore, be alert when answering unsolicited calls.

Do you think that you’ve been phished? Here’s what to do:

Change passwords on all accounts with similar login details.
Immediately alert your Information Security and IT team.
Block the user if you’ve received a suspicious email or phone call.
Alert all staff.
Make sure that staff training on Cyber Security is up-to-date.

For more information, you can watch our video on Cyber Security: Types of Phishing where you can learn how to recognise a Phishing email and defend yourself against cyber attackers, trying to access your personal and confidential information.

Also take a look at our Cyber Security Portal and ISO 27001 (The international standard for Information Security Management) Page. Feel free to contact us with any questions.

Related

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Lauren Tobin