What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law that was adopted on 14th April 2016 and became enforceable on 25th May 2018. It aims to protect the personal data and privacy of all individuals in the territory of the EU and the European Economic Area (EEA). Under the GDPR, all EU-based companies are required to handle user data responsibly. This includes:
- Customers’ data should be stored securely.
- Users’ details should not be shared with anyone without their permission.
- In the event of an incident such as a data leak, users should be notified in a timely manner.
- Companies are not allowed to send messages to users without their consent.
How does GDPR affect online fraud?
Cybercriminals, however, have devised ways to use the regulation itself to carry out their schemes.
Using GDPR as bait for phishing scams, criminals attempt to trick consumers into handing over their credentials and account details. These scams are usually aimed at gaining access to victims’ bank accounts. Customers are deceived in the following ways:
- Emails claiming to be from well-known companies are sent to customers, threatening to delete the recipients’ accounts unless they follow a link and fill in a form with their correct data.
- The emails may also claim that the customer’s account has been frozen and will be deleted unless a form confirming the account information is completed.
- Once users click the link, they are asked to enter personal information, including account and payment card details.
Entering personal information on these suspicious pages out of panic hands the data to the criminals, who may use it to carry out theft and other fraudulent activities.
So the tool the criminals use to trick people is intimidation. Afraid of these threats, less savvy users panic and act rashly, entering their data without a second thought.
How to identify the fraud?
On receiving such an email, users should stay calm and read it carefully before entering any details. The points below help in judging whether an email is authentic.
- Fraudulent GDPR emails are often marked by poor spelling or grammar. Such sub-standard presentation is not expected in a legitimate email from a bank.
- Fake emails may also fail to address the customer by name, using “Dear friend” or “Dear customer” instead. They may also be sent from a strange email address that does not use the right domain. For instance, a fake message may come from ‘@mail.google.work’ as opposed to ‘@google.com’.
- While phishing messages might look legitimate at first glance, look out for generic words and sequences of numbers in the sender’s address; legitimate email addresses rarely contain these.
- Another sign is a message subject containing strange numbers. Likewise, a message whose subject carries a reply tag is highly suspicious if you never wrote to the company.
- Messages whose links point to strange domains or use short links, such as bit.ly or similar, are likely phishing messages.
How to protect the data from this fraud?
- Before entering your personal details, make sure the email received or the link opened directs you to the legitimate company website.
- Check the sender’s address, subject and text for anything inappropriate. If something looks suspicious, don’t click on anything; contact the service’s technical support team to clear up any doubt.
- Use a reliable security solution that filters out dubious messages and warns about suspicious links.
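The indicators listed under "How to identify the fraud?" and the link-verification advice above can be turned into a simple mail-filter check. The following is an added example written for this page, not code from the article or from any security product: it scores a message against those indicators (look-alike sender domain, runs of digits in the address or subject, an unsolicited reply tag, a generic greeting, and links to URL shorteners or off-brand domains) and runs it over two constructed sample messages. The expected legitimate domains, the shortener list and the sample emails are assumptions chosen for the example; the domain comparison is deliberately crude and does not use a public-suffix list.

```python
"""Heuristic scoring of suspicious "GDPR" emails (added example, not from the article)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed: the domains a customer would legitimately hear from.
LEGIT_DOMAINS = {"google.com", "examplebank.com"}
# Assumed: a small list of URL shorteners (the article names bit.ly).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
GENERIC_GREETINGS = ("dear friend", "dear customer", "dear user")


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    links: list[str] = field(default_factory=list)
    replied_to_sender_before: bool = False


def _registrable(host: str) -> str:
    """Crude 'last two labels' domain: mail.google.work -> google.work (no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def score_email(msg: Email) -> tuple[int, list[str]]:
    """Return (score, reasons); each matched indicator adds one point."""
    reasons: list[str] = []
    local, _, sender_host = msg.sender.rpartition("@")
    sender_dom = _registrable(sender_host)

    # 1. Sender domain is not an expected one, or imitates one with a different TLD.
    if sender_dom not in LEGIT_DOMAINS:
        reasons.append(f"sender domain {sender_dom!r} is not an expected domain")
    for legit in LEGIT_DOMAINS:
        if sender_dom != legit and sender_dom.split(".")[0] == legit.split(".")[0]:
            reasons.append(f"sender domain {sender_dom!r} imitates {legit!r}")

    # 2. Runs of digits in the sender's local part or in the subject.
    if re.search(r"\d{3,}", local):
        reasons.append("sender address contains a run of digits")
    if re.search(r"\d{3,}", msg.subject):
        reasons.append("subject contains a run of digits")

    # 3. A reply tag on a thread the recipient never started.
    if re.match(r"\s*re:", msg.subject, re.I) and not msg.replied_to_sender_before:
        reasons.append("reply subject but no prior correspondence")

    # 4. Generic greeting instead of the customer's name.
    first_line = msg.body.strip().splitlines()[0].lower() if msg.body.strip() else ""
    if any(first_line.startswith(g) for g in GENERIC_GREETINGS):
        reasons.append("generic greeting")

    # 5. Links pointing at shorteners or at domains other than the expected ones.
    for url in msg.links:
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            reasons.append(f"link uses URL shortener {host}")
        elif _registrable(host) not in LEGIT_DOMAINS:
            reasons.append(f"link target {host!r} is not an expected domain")

    return len(reasons), reasons


def is_suspicious(msg: Email, threshold: int = 2) -> bool:
    """Flag a message once two or more indicators agree; one alone is weak evidence."""
    return score_email(msg)[0] >= threshold


# Constructed sample messages (not real emails).
PHISH = Email(
    sender="support8841@mail.google.work",
    subject="Re: GDPR action required 3920118",
    body="Dear customer,\nYour account will be deleted unless you confirm your details here.",
    links=["https://bit.ly/abc123"],
)
LEGIT = Email(
    sender="privacy@google.com",
    subject="Our updated privacy policy",
    body="Hello Alice,\nWe have updated our privacy policy.",
    links=["https://google.com/privacy"],
)

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        score, reasons = score_email(sample)
        print(f"{name}: score={score} suspicious={is_suspicious(sample)}")
        for r in reasons:
            print("  -", r)
```

Run it directly to see each indicator that fires on the constructed phishing sample; the legitimate sample scores zero. The threshold in `is_suspicious` exists because any single indicator (a digit in a subject, a "Re:" from an automated ticket system) also occurs in legitimate mail, so a filter should act on agreement between several of them rather than on one.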