
Phishers Leveraging GDPR-Themed Scam Emails to Steal Users’ Information
Phishers are using scam emails that leverage the European Union’s General Data Protection Regulation (GDPR) as a theme in an attempt to steal users’ information, a security firm found.
Researchers at managed threat detection solutions provider Redscan came across one such phishing message that appeared to originate from Airbnb. The scam email, which came from the fake domain “@mail.airbnb.work” as opposed to the legitimate “@airbnb.com,” addressed the recipient as an Airbnb host and said they could not accept new bookings or send messages until they agreed to a new Privacy Policy that reflects changes introduced by GDPR. As quoted by ZDNet, the message read as follows:
This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies.

When clicked, the link redirected recipients to a page that asked them to enter their account credentials, payment card details and other personal information.
ZDNet confirmed that Airbnb is sending messages to hosts about GDPR but that it’s simply asking them to agree to new Terms of Service. Those real messages did not ask hosts to submit their credentials. As a result, the community-driven hospitality company made clear that users who receive suspicious emails should submit them to its Trust and Safety team.
Mark Nicholls, director of cyber security at Redscan, told ZDNet that web users are likely to see other types of attacks leveraging GDPR as a theme in the meantime:
As we get closer to the GDPR implementation deadline, I think we can expect to see a lot more of these types of phishing scams over the next few weeks, that’s for sure. In the case (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/phishers-leveraging-gdpr-themed-scam-emails-to-steal-users-information/