GDPR Phishing Warnings
Although PSAB may not be affected by GDPR at this point in time, the vendors we deal with are affected. Almost all vendors have to cope with the new security rules. Examples might be banks that have a foreign presence, Verizon, Comcast, Netflix, Facebook, etc. That is probably at least 90% of the companies that we deal with personally or through PSAB.
The issue is that the “bad guys” are taking advantage of this. In order to be compliant, companies have to get you to agree to certain things, or they will eventually stop services to those who do not respond. The “bad guys” are duplicating the notices that you may get from vendors, and if you click the links and/or respond, they could gain access to your accounts or infect your computer, or one here at PSAB.
Following is an example of just such a phishing technique. Virtually all of PSAB’s web design clients operate from cPanel. In reality, they do not own the license and do not have to respond to any inquiries from cPanel. However, we are guessing that 100% of them would most likely respond and compromise their computers or boroughs. The following notice that came to us via Email is so good that, unless you know the correct URL for cPanel, it could probably fool a technician as well. There were two “red flags” that tipped us off:
1) If we hovered over the button, the URL showed that it would go to a site other than cPanel. (You cannot test this as we have just provided an image.)
2) The second red flag is that it did not come from cPanel; however, many companies are contracting security firms to get their disclaimers agreed to, etc. So, it is possible that the compliance Email may not come from the company that you would expect. A good example of this would be IMIS, which is what we use for our membership. They have about 6 different companies with different URLs and Emails. It would be very easy to just click through a compliance request without realizing there was an issue.
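For IT staff triaging a forwarded notice, both red flags can be checked without opening the message in a mail client. The following is an added example, not part of the original notice. The expected-domain list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you expect this vendor to use.
EXPECTED_DOMAINS = {"cpanel.net"}

# Constructed sample message, not the notice described above.
SAMPLE_EMAIL = """\
From: cPanel Compliance <notice@cpanel-gdpr.example>
Subject: Action required: GDPR consent
Content-Type: text/html; charset="utf-8"

<p>Please confirm your consent to keep your service active.</p>
<a href="https://cpanel.net.account-verify.example/consent">Review on cpanel.net</a>
<a href="https://www.cpanel.net/">cPanel home</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element (what hovering would show)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_expected(host):
    """True only for an expected domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def red_flags(raw_email):
    """Return (kind, value) pairs for the sender and links that need review."""
    msg = message_from_string(raw_email)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_expected(sender.rpartition("@")[2]):
        flags.append(("sender", sender))  # red flag 2: unexpected sender
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        if not is_expected(urlsplit(href).hostname):
            flags.append(("link", href))  # red flag 1: link leaves the vendor
    return flags
```

The suffix match is deliberate: a host such as `cpanel.net.account-verify.example` begins with the vendor's name but is not a subdomain of it. A sender flag alone is not conclusive, since a legitimate compliance Email may come from a contracted firm.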
The best way to protect yourself when you get these requests is to ask IT for assistance prior to taking any action.
If you have any questions, feel free to open a support ticket.