Criminals ‘will flood Europe’ with GDPR email scam

Criminals ‘will flood Europe’ with GDPR email scam

By Pádraig Hoare

Cyber criminals are using the EU’s incoming general data protection regulation (GDPR) to target email users in a sophisticated phishing scam, gardaí and cybersecurity experts have warned.

Airbnb customers are among those who have fallen victim to the scam, where criminals send fake GDPR notices to customers asking them to confirm login or personal information via online links so that they can continue to use the service being provided.

The Garda National Cyber Crime Bureau said that while there are no reports of any incident reported in Ireland to date, a number of incidents have been reported throughout other parts of Europe.

European detectives have already identified a string of scams involving the sending of fake notices which allege to be from Airbnb asking customers to update details to continue their agreement, gardaí said.

The bureau advised before responding to unsolicited emails, to ensure that the email address used to send the message is genuine. It advised never supplying banking or financial information via email, and to delete and report it to a bank if such an email was received.

Cybersecurity expert Ronan Murphy said the criminals wanted to exploit the millions of emails being sent out by firms related to GDPR before the law is implemented on Friday.

The chief executive of Cork-based Smarttech247 said: “The criminals who are the architects of such scams are like well-oiled machines when it comes to putting them in place. This will be a blanket campaign across Europe to try and target anyone who is receiving GDPR-related emails.

“They usually have teams that will target users in a specific country, but this time, they will flood Europe targeting millions of people, because the GDPR is relevant to all EU citizens.”

A survey from KPMG of Irish chief executives found a third see the issue of a cyberattack as a case of when not if, with just under half confident in their ability to identify new cyber threats.

Just 44% were confident in their levels of preparedness, while 56% feel able to manage external stakeholders in the event of such an attack.

The GDPR was ratified in 2016, following four years of negotiation, replacing the existing directive on data protection.

Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins tomorrow, meaning penalties can be imposed from day one. The regulation is designed to harmonise data-privacy laws in the EU and to protect citizens’ data privacy.

It not only applies to organisations within the EU, but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Mr Murphy said there would be a “ferociously long bedding-in period” with a large number of firms and organisations not ready for the law. “I’m afraid we are still far behind. The regulation is very broad with a lot of technical details. How the EU enforces the law remains to be seen.

“I have no doubt regulators will be looking for the scalp of a big firm or organisation, such as a tech giant or a university, which historically have been very lax with user data because there is so much of it. That will be the acid test,” he said.

More in this Section

Scottish Secretary: Northern Irish exports will face checks on way to BritainScottish Secretary: Northern Irish exports will face checks on way to Britain

Topshop chief executive Paul Price to step downTopshop chief executive Paul Price to step down

Goods worth €141bn exported last year; US and UK are strongest trade partnersGoods worth €141bn exported last year; US and UK are strongest trade partners

UK economy suffers worst three months in decade after stagnating in OctoberUK economy suffers worst three months in decade after stagnating in October


Is it really faster to fly? These environmentally-friendly trips dispel that myth, says Sarah Marshall.5 European journeys which are surprisingly quicker by train

It’s set to be unisex and will hopefully feature more clothes you can wear outside the gym.Everything we want to see from Beyoncé’s upcoming Ivy Park x Adidas collection

The mother-of-three speaks to Liz Connor about the recipe for getting the perfect night’s rest.Christine McGuinness on how to get kids to sleep on Christmas Eve

Carol O’Callaghan gets top expert tips on how to lay and decorate a glorious Christmas dinner table, creating a festive but stylish look to wow your visitors.Your go-to guide to laying the perfect Christmas table

More From The Irish Examiner