Hackers are sending out GDPR phishing emails, trying to trick people into entering the kinds of data that the General Data Protection Regulation is designed to protect. Learn about this scam and how to protect your business from it.
Companies that must comply with the EU’s General Data Protection Regulation (GDPR) have been busy emailing customers with information about updated privacy policies, consent forms, and other GDPR topics. These companies are not the only ones sending GDPR-related emails, though. In May 2018, security researchers discovered that hackers were distributing GDPR phishing emails designed to trick people into entering the kinds of data that the regulation protects.
The Scam
Pretending to be from Airbnb, the hackers sent phishing emails, mainly to businesses’ email accounts. The hackers took the time to make the emails look like they were from Airbnb and even included its logo. Perhaps they got the idea and the logo from the email that the real Airbnb sent to customers about its privacy policy changes.
The phishing emails noted that Airbnb had updated its privacy policy. The recipients were told they had to accept the new privacy policy before they could log back into the Airbnb website. To accept it, they had to click a link in the email. The link led to a spoofed Airbnb website, where the victims were instructed to enter their account credentials, payment card information, and other personal data. If they did so, that data fell right into the cybercriminals’ hands.
How to Protect Your Business
Phishing attacks like the Airbnb scam are not going away any time soon since hackers have successfully used them to steal money, obtain credentials, and spread malware. Thus, you need a strategy to protect your business from these attacks. You might consider using a strategy that is based on three lines of defense.
The First Line of Defense
The first line of defense is your email filtering tools and security software. Keeping them up to date means fewer phishing emails will reach employees. You also need to make sure that your security software is on every computing device in your business, including smartphones.
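One check a filter can apply to the kind of message described in The Scam is sketched below as an added example (not code from this article or from any filtering product): it flags mail whose display name claims Airbnb while the sender domain or a link host is not an Airbnb domain. The allow-list, the function names, and both sample messages are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the brand really uses; maintain this list yourself.
BRAND_DOMAINS = {"airbnb": {"airbnb.com"}}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_allowed(host, allowed):
    # Exact match or true subdomain only, so "airbnb.com.login.example" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_email(from_header, html_body):
    """Return findings for mail whose display name claims a known brand."""
    display, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue
        if not host_allowed(sender_host, allowed):
            findings.append(f"sender domain {sender_host} is not a {brand} domain")
        for href in collector.hrefs:
            parts = urlsplit(href)
            if parts.scheme in ("http", "https") and not host_allowed(parts.hostname or "", allowed):
                findings.append(f"link host {parts.hostname} is not a {brand} domain")
    return findings

# Constructed sample messages (not taken from the real campaign).
SPOOFED = ('Airbnb <support@airbnb-privacy.example>',
           '<p>Accept our new policy: <a href="https://airbnb.com.login.example/accept">here</a></p>')
GENUINE = ('Airbnb <no-reply@airbnb.com>',
           '<a href="https://www.airbnb.com/terms">Terms</a>')

if __name__ == "__main__":
    for finding in check_email(*SPOOFED):
        print("FLAG:", finding)
    print("genuine:", check_email(*GENUINE))
```

Display-name matching is a heuristic; it complements, rather than replaces, the sender authentication your mail filter already performs.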
The Second Line of Defense
Email filtering tools and security software won’t catch every phishing email, so the next layer of defense is your employees. You should educate them about phishing emails. Besides warning them about the dangers of clicking links and opening attachments in emails, you should teach them how to spot phishing scams. Elements to look for include:
The Third Line of Defense
The third line of defense is to take a few preemptive measures in case an employee falls for a phishing scam, despite your best efforts to prevent it. You can help mitigate the effects of a successful phishing attack by:
What’s Your Strategy?
Although developing a strategy to protect your business from phishing attacks takes some effort, it is important to have one. Using the three lines of defense presented here is a good starting point. We can help you create and then implement a strategy tailored to your company’s needs.