The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25th and I am sure that many of you, like me, have been flooded with emails informing you of the new privacy rules of many of the companies with which you do business. In particular, if you receive online newsletters, companies will require you to resubscribe in order to continue to receive them. The GDPR has a number of enhanced privacy provisions, including not permitting companies to send you messages without your consent, requiring them to store your personal data more securely, prohibiting them from providing your data to third parties without your express permission and requiring them to notify you in a timely fashion in the event of a data breach. While the GDPR is a European law and not an American law, it applies to American companies doing business in the European Union, and many American companies are complying with the law by changing their privacy rules for their American customers as well.
When we receive GDPR notices, many of us are tempted to merely click “I accept” without even reading what the new policy is. Although not advisable, this is understandable, as for years the norm has been for the user agreements of most of our online services to be long and confusing. It is both understandable and ironic that scammers are taking advantage of the new GDPR by sending phishing emails that pretend to be from companies with which you do business and ask you to provide personal information, purportedly to comply with the GDPR in order to continue your relationship with the particular company. These phishing emails, however, often ask for personal information such as credit card information, user names and passwords that are then used by the scammers to make you a victim of identity theft. Already a number of these phishing emails have turned up posing as Airbnb, Apple and others.
So what can you do to protect yourself? First of all, you should check the email address of the sender for irregularities. Sometimes the phishing emails come from botnets of hijacked computers and use the email addresses of the computer owners to send out the emails, so an email claiming to be from Airbnb, for instance, will come from the email address of a totally unrelated company or person. Other times, however, the scammers are more sophisticated and may use an email address strikingly similar to the real one. Always confirm that the email address from which the email is being sent is legitimate. Instead of providing personal information or clicking on links, even in emails you think may be legitimate, you may wish to go directly to the company’s website to see if you can comply with the new privacy laws there.
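The sender check described above can be automated for a mailbox. The following is an added example, not part of the original post: it sorts a From header into the two cases mentioned (an unrelated address or a strikingly similar one). The brand-to-domain table, the function names and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the reader has confirmed the real companies send from.
KNOWN_SENDERS = {"airbnb": "airbnb.com", "apple": "apple.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Compare the brand claimed in the display name with the sending domain."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    brand = next((b for b in KNOWN_SENDERS if b in display.lower()), None)
    if brand is None:
        return "no-known-brand"
    real = KNOWN_SENDERS[brand]
    if domain == real or domain.endswith("." + real):
        return "match"
    # Look-alike: the brand name is embedded in a label, or a label is one
    # character away from it (for example a digit swapped in for a letter).
    for label in domain.split("."):
        if brand in label or edit_distance(label, brand) <= 1:
            return "lookalike"
    # Otherwise the mail comes from an address with no relation to the brand,
    # as with mail sent through a hijacked computer's own account.
    return "unrelated"

if __name__ == "__main__":
    samples = [  # constructed headers, not taken from real messages
        "Airbnb <automated@airbnb.com>",
        '"Airbnb Support" <gdpr@airbnb-privacy.example>',
        "Apple <update@app1e.example>",
        "Airbnb <jsmith@dental-clinic.example>",
    ]
    for header in samples:
        print(f"{check_sender(header):10} {header}")
```

A "match" only means the visible address looks right. The From header can itself be forged, which is why going directly to the company’s website remains the safer route.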