GDPR Provides Scammers with a New Golden Opportunity

The EU General Data Protection Regulation (GDPR) has arrived, and crooks are ready to exploit the media attention on the new law to launch cyber-attacks against unaware users.

Several US websites including the one belonging to Los Angeles Times have temporarily been made unavailable in EU counties as a precaution due to the law coming into effect, other websites like the USA Today have published a version for EU users that doesn’t include any tracker and advertising element.

Authorities are warning scammers could use the GDPR as bait to steal personal information from companies and users.

Cyber-criminals are already sending out GDPR-themed phishing messages to trick victims into providing personal information or visit malicious websites set up to steal credentials or to deliver malware.

Recently the customers of the NatWest bank were targeted by the scammers who sent them malicious messages claiming to be from the financial institution.

In the last days, almost any company is informing its customers that its processes comply with the new GDPR, most of the messages share new privacy policies with customers.

Customers are exposed to hacking; it is easy to fall victim to scammers that use similar messages for malicious purposes.

A typical example of a scam is related to the consensus in continuing to receive emails from a company. Many companies are asking customers the permission to continue sending them messages, but crooks are exploiting this process using fake emails telling customers their accounts could be terminated if they do not update their records.

With this kind of social engineering attack, users are tricked into visiting a rogue site specially crafted to steal customers data. Experts observed this attack scheme to steal credentials for victims’ bank accounts or credentials for other web services.

The activities of scammers begun months before the announced deadline for the General Data Protection Regulation (GDPR), crooks exploited the news about severe penalties for those companies that will be (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pierluigi Paganini. Read the original post at: