How GDPR is being used to scam you

The advent of the General Data Protection Regulation (GDPR) should bring with it some feelings of reassurance and heightened security. However, some cybercriminals are using it to their advantage in order to exploit unknowing users. According to the Independent, fraudsters have been posing as banks over email and using GDPR as an excuse to extract key information from users. These fake emails tell customers that their accounts will be terminated unless they update their records immediately, at which point they are directed to a website that steals any data input.With cyber criminals becoming evermore devious and deceptive, here are seven signs to look out for in the latest phishing emails.

1. Impersonal

Legitimate corporations, such as banks and government organisations, should always address you in an email by your name. Scammers, on the other hand, will not personalise the email. They will often start an email with a simple ‘Hi’ or ‘Hello’. This means they can send the same email to thousands of people in one go. Other times they will use your email address, i.e. ‘Hi [email protected]’, in an attempt to make it sound slightly friendlier. So make sure to look out for the ‘impersonal’ touch.

2. Fake email

If there’s a link in an email, always check it before you click it. At first glance it could look completely authentic, almost identical to the real URL, but make sure to move your mouse over the link to see the actual destination. If in doubt, don’t click. If you do and it is malicious, you could infect your machine.

3. Sense of urgency – fear tactics

The scammers want to put you under pressure to act quickly, so you don’t give yourself time to realise it’s a spoof. They will say things like ‘Warning, your account needs to be updated immediately, otherwise it will be deleted’ or ‘Act now and claim back money owed TODAY only.’ This sense of urgency is just a trick, and anything that is serious and would require immediate action would be dealt by most reputable businesses over the phone.

4. ZIP file

It is uncommon to receive a legitimate ZIP file in an email. In fact, a ZIP file could contain malicious website links or JavaScript files that could release a malware infection. One of the reasons ZIP files are so appealing to scammers is that pretty much every operating system has support built into them for creating and opening the files. Malware is often distributed as a program file; therefore all email providers prevent the emailing of programs. However, by ‘zipping’ these programs first, they can bypass tis prevention.

5. Punctuation and grammar mistakes

These people are clever enough to write a program that steals your data, so why is it the email is usually littered with spelling and grammar errors? There’s no simple answer, but the truth of the matter is, many phishing emails have an abundance of grammatical errors, ones that sincere companies just wouldn’t make.One reason behind it is that some scammers won’t speak English as their first language. Another may be that they misspell on purpose to avoid the email going to your junk folder. Either way, you don’t have to be a genius of the English language to spot these very obvious mistakes.

6. Email footer

If the rest of the email is convincing one element that is likely to give it away is the email footer. Watch out for an incorrect copyright date or a location that doesn’t respond with that of the footer.

7. False information

One way to capture your attention is to claim you have won a large prize (usually money) or you are due a tax refund. If you haven’t entered any competitions, then you won’t have won any prizes. As for the tax refund, HMRC states that they will ‘never use texts or email to tell you about a tax rebate.’ If it seems too good to be true then it probably is.

Think before you act

Clicking questionable links and opening dubious ZIP files could be deadly. You could very easily find yourself with a computer virus, have your personal details stolen, and even have your bank account emptied. If you’re unsure the email you have received is bogus or not, then contact the business in question through normal contact means or ask for a second opinion. At SCC we help businesses to ensure their security is never compromised. Click here to see our solutions