This phishing scam impersonates GDPR spam
You’ve probably noticed a lot more privacy-related emails coming in over the last few weeks. This is a classic example of last-minute planning, as every company operating in Europe scrambles to ensure it’s GDPR-compliant ahead of the 25 May start date.
“This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States-based companies, like Airbnb in order to protect European citizens and companies,” the message reads, in a text that will be tediously familiar to anyone with an active email address.
“The irony won’t be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people’s data,” said Mark Nicholls, Redscan’s director of cybersecurity.
“Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action, whether that’s clicking a link or divulging personal data. It’s a textbook phishing campaign in terms of opportunistic timing and having a believable call to action.”
To confuse matters slightly, Airbnb has been sending out its own GDPR-related messages, but there are a number of telltale differences. First, the genuine emails come from a legitimate “@airbnb.com” address rather than the more suspect “@mail.airbnb.work”. Second, Airbnb’s own messages are far more detailed and don’t ask you to enter your credentials, just to agree to new terms of service.
In a statement, Airbnb told Alphr: “These emails are a brazen attempt at using our trusted brand to try and steal users’ details, and have nothing to do with Airbnb.
“We’d encourage anyone who has received a suspicious-looking email to report it to our Trust and Safety team on email@example.com, who will fully investigate. We provide useful information on how to spot a fake email on our help centre and work closely with external partners to report and help remove fake Airbnb websites.”
It wouldn’t be surprising if more cybercriminals used GDPR fatigue as a way of getting tired users to be less vigilant than they usually would, so keep an eye out for suspect-looking emails, check URLs and think twice before entering your personal details anywhere. If in doubt, contact the service the email is claiming to be from. Airbnb, for its part, has a guide to what to look out for in legitimate emails, which you can read here.
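The sender-address telltale described above (“@airbnb.com” versus “@mail.airbnb.work”) can be checked mechanically in a mail filter. The following is an added example, not code from Alphr, Redscan or Airbnb; the allowlist, the decision to trust subdomains, the display-name check and the sample From headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the only sending domain the article names as legitimate.
TRUSTED_DOMAINS = {"airbnb.com"}
BRAND = "airbnb"

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def classify_sender(from_header):
    """Classify a From header as trusted, lookalike, unrelated or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Trusted: the domain itself or (assumption) one of its subdomains.
    # Matching on ".airbnb.com" as a suffix, not a substring, is what
    # rejects names such as airbnb.com.account-verify.example.
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Lookalike: the brand appears in the domain or the display name,
    # but the mail does not come from a trusted domain.
    display, _ = parseaddr(from_header)
    if BRAND in domain or BRAND in display.lower():
        return "lookalike"
    return "unrelated"

# Constructed sample headers; local parts and .example domains are invented.
SAMPLES = [
    "Airbnb <automated@airbnb.com>",
    "Airbnb <noreply@mail.airbnb.work>",
    "Airbnb Support <help@airbnb.com.account-verify.example>",
    "Airbnb <billing@secure-pay.example>",
    "Newsletter <news@shop.example>",
]

def classify_all(headers):
    """Map each From header to its classification."""
    return {h: classify_sender(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in classify_all(SAMPLES).items():
        print(f"{verdict:10} {header}")
```

A “trusted” result only says the From header claims an allowlisted domain; the header can be forged, so a filter would pair this with the message's SPF, DKIM and DMARC results.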