Dive Brief:
- With the GDPR deadline of May 25 approaching, consumers are receiving emails from companies changing their data policies, and hackers are taking notice. Hackers are disguising phishing emails as legitimate messages from companies like Airbnb and sending them to vulnerable users, according to research from Redscan, made available to CIO Dive.
- Redscan's research began after an email supposedly sent from Airbnb's customer support line masked a phishing link asking users to update personal information such as credit card information. When users click the link to update their information, phishers could steal information or spread malware on the user's device.
- The emails impersonating Airbnb typically use a "bogus variation" of an email address, such as "@mail.airbnb.work," that is meant to look legitimate, according to Redscan. Airbnb is taking action and has a Trust and Safety team in place to investigate suspicious attempts.
Dive Insight:
Phishers are taking advantage of customer trust on a whole new level, with hackers now working to profit from GDPR's deadline. Phishing schemes are one of the easiest and cheapest methods hackers use to compromise someone, exploiting human error and a lack of basic cybersecurity knowledge.
They are also troubling for companies because all it takes is one employee's ignorance to jeopardize the whole IT infrastructure. Granted, if a company's security hinges on one link in an email, there are larger issues that need to be addressed.
Phishing schemes take advantage of a user's trust through a single email, and because open rates are so high, phishing makes up 26% of all enterprise fraud. To avoid a single attack's $1.6 million price tag, companies need to adopt a "see something, say something" approach.
Whenever an employee is in doubt about the authenticity or true origins of an email component, an alert needs to be sent to the IT department. But if an employee may have already opened a malicious link, passwords should be changed immediately, according to Redscan. After that, security teams need to make sure patches are up to date and a recent backup is available.