A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive by email.

An image of the letter is shown below:

[Image: privacy compromising letter]

In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split with the letter’s recipient if the recipient will accept the responsibility of being appointed as the heir to the deceased’s money, etcetera, etcetera.

As you can see, it bears all the earmarks of the traditional scam message. Fortunately, my friend knows a bit about scam recognition, and he sent it off to me so I could enjoy it. He also noted that he was alarmed that this arrived in the mail to his house in the United Kingdom.

From a security perspective, this is quite distressing. The question of how the scammers received his address is not the troubling part, as he has ordered items from Chinese suppliers in the past. Before we get all “judgy,” there are plenty of legitimate items besides phony ID cards that one can order from China. For instance, I am one to enjoy a fine green tea from China, so it is not as if he was doing anything wrong.

The problem that arises is that his information was sold, or perhaps stolen, and has now fallen into the wrong hands. Along with that, he was never given the option to opt into any such data sharing. Nor was he notified if his information took flight due to a breach.

Does this violate GDPR? Of course it does. In fact, it also violates China’s Privacy Standard regulation of 2018, which is supposed to be stricter than GDPR.

Most troubling of all is, what is a person to do in this