Hackers are using GDPR to disguise phishing schemes
With the impending GDPR May 25 deadline on its way, consumers are receiving emails from companies changing their data policies — and hackers are taking notice. Hackers are disguising email phishing schemes as legitimate emails from companies like Airbnb to vulnerable users, according to research from Redscan, made available to CIO Dive.
Redscan's research began after an email supposedly sent from Airbnb's customer support line was masked as a phishing link asking for users to update personal information like credit card information. By clicking the link to update their information, phishers could steal information or spread malware on a user's device.
The emails sent impersonating Airbnb typically use a "bogus variation" of an email address meant to look legitimate like "@mail.airbnb.work," according to Redscan. Airbnb is taking action and has a Trust and Safety team in place to investigate suspicious attempts.
Phishers are taking advantage of customer trust on a whole new level with hackers now working to profit off of GDPR's deadline. Phishing schemes are one of the easiest and cheapest methods hackers use to compromise someone, exploiting human error and a lack of basic cybersecurity knowledge.
They are also troubling for companies because all it takes is one employee's ignorance to jeopardize the whole IT infrastructure. Granted, if a company's security hangs in the balance from one link in an email, there are larger issues that need to be addressed.
Phishing schemes take advantage of a user's trust through a single email, and because open rates are so high, phishing makes up 26% of all enterprise fraud. To avoid a single attack's $1.6 million price tag, companies need to adopt a "see something, say something" approach.
Whenever an employee is in doubt of the authenticity or true origins of an email component, there needs to be an alert sent to the IT department. But if an employee may have already opened a malicious link, passwords should be changed immediately, according to Redscan. After that, security teams need to make sure patches are up to date and a recent backup is available.
- Computer Weekly Redscan warns of GDPR phishing scams
Follow Samantha Ann Schwartz on Twitter