Warning: GDPR Phishing Scams Spotted!

Hackers have been creating fake GDPR-related privacy notice emails to mislead targets into handing over personal data, including credit card information.

With GDPR being a hot topic, businesses and individuals have been receiving voluminous genuine privacy notice emails from brands and organisations, who are acting upon best practice before the GDPR deadline: 25th May 2018. You have probably received a few yourself! Hackers have taken advantage of the GDPR build-up, disguising themselves as reputable companies and requesting personal information.

What do the fake emails look like? How can I tell the difference?

It’s important to understand that legitimate GDPR privacy emails shouldn’t be requesting any personal details from you – GDPR is centred around protecting personal information so to ask for it outright is quite ironic!

Cyber criminals will most likely insert a link in their scam emails, which will ask you to log in to your account, disclosing personal data in the process. If you receive something along these lines, log into the official website through a new webpage and change any details, this way you can be assured you haven’t fallen into a trap.

Other important things to look out for in phishing emails include suspicious email addresses, branding inconsistencies and spelling/grammar mistakes. Take into consideration these points when checking emails on your mobile, the sender details can be hidden or not shown fully. Here we have an example of a recent phishing attempt on Assent and how we tackled it.

Please note that not all phishing attempts occur over email – there have been instances where scammers have phoned up their victims and requested personal information. Therefore, be alert when answering unsolicited calls.

Do you think that you’ve been phished? Here’s what to do:

  •      Change passwords on all accounts with similar login details.
  •      Immediately alert your Information Security and IT team.
  •      Block the user if you’ve received a suspicious email or phone call.
  •      Alert all staff.
  •      Make sure that staff training on Cyber Security is up-to-date.

For more information, you can watch our video on Cyber Security: Types of Phishing where you can learn how to recognise a Phishing email and defend yourself against cyber attackers, trying to access your personal and confidential information.

Also take a look at our Cyber Security Portal and ISO 27001 (The international standard for Information Security Management) Page. Feel free to contact us with any questions.


Lauren Tobin
Lauren Tobin
Articles: 57