GDPR Phishing Warning – Scams Increasing
While your business may not be affected by GDPR at this point in time, the vendors you deal with are. Almost all vendors have to cope with the new security rules. Examples include banks that have a foreign presence, Verizon, Comcast, Netflix, Facebook, etc., probably at least 90% of the companies that we deal with personally or professionally. This means that GDPR phishing scams are increasing!
GDPR In Brief
The General Data Protection Regulation, or GDPR, is a data protection law designed to impose strict new rules on processing and controlling personally identifiable information (PII) across all 28 European Union (EU) countries. In order to be compliant, companies have to get you to agree to certain things, or they will eventually stop services to those who do not respond. The “bad guys” are duplicating the notices that you may get from legitimate vendors, and if you click the links and/or respond, they could gain access to your accounts or infect your computer.
GDPR Phishing Sent to CV
Following is an example of just such a phishing technique sent to us here at CourseVector. Virtually all of our web design clients operate from cPanel. In reality, our clients do not own the license and do not have to respond to any inquiries from cPanel. However, we are guessing that many would respond and compromise their computers. The following notice, which came to us via email, is so good that, unless you know the correct URL for cPanel, it could probably fool a technician as well. (As a matter of fact, one of our technicians commented that this is the best phishing email he’s seen.) There were two “red flags” that tipped us off:
1) If we hovered over the button, the URL showed that it would go to a site other than cPanel. (You cannot test this as we have just provided an image.)
2) The second red flag is that it did not come from cPanel; however, many companies are contracting security firms to get their disclaimers agreed to, etc. So, it is possible that the compliance email may not come from the company that you would expect.