As the General Data Protection Regulation (GDPR) comes into effect on May 25 for all European Union (EU) member states, companies and organizations that collect, use, or store data on any EU citizen, anywhere in the world, face a duty to comply. Failure to do so may result in fines as high as 4% of the organization’s sales or €20m.
The new legislation has sent businesses into a panic. It has also handed attackers an opportunity.
As businesses and organizations send emails to clients and employees requesting consent to collect and store data, attackers see the potential for a breach in the very shape of those requests. Capable phishers are sending out emails of their own, posing as real businesses that would plausibly contact individuals about their data and their rights.
This makes EU citizens, and the companies that deal with them, prime targets for phishing scams.
What are GDPR Phishing Scams?
Phishing scams rely on an appearance of legitimacy and pressure for immediate action. They also give recipients a way to enter information, since harvesting that information is the whole point of the phishing.
Individuals have read about the upcoming GDPR legislation and know that it protects their data, so they are primed to expect exactly this kind of correspondence right now. As the May 25 deadline approaches, phishers will be trawling in greater numbers.
How Can GDPR Scams Be Addressed?
While phishing scammers directly target consumers and, in some cases, employees, enterprises are not safe either. Poor password practice is common, particularly in small businesses where the person contacting clients about GDPR may well wear several other hats. Compromising business accounts may therefore be child’s play for accomplished phishers.
Phishing is a big problem: 25% of all business frauds are phishing scams, and a single phishing campaign can cause a million dollars in damage to a company. All it takes is one lax employee.
Employees need to be educated about the dangers of phishing scams. They need to know how to recognize fake emails that pose as GDPR compliance messages.
Clients also need to be made aware that if a ‘company’ asks anything about GDPR compliance, they should verify the request directly with the real company before responding.
If a company has no dealings with EU citizens, then it has no obligation to comply with GDPR. Alerts should be sent to employees and clients noting this and asking them to be alert to possible scams.
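The traits the article lists (a GDPR-themed pretext, pressure to act immediately, a request to enter details, and a link that does not belong to the supposed sender) can be turned into a simple triage heuristic for a mail gateway or awareness exercise. The following is an added example written for this page, not code from the article or any product; the two sample messages, the keyword lists and the scoring threshold are all constructed for illustration, and the domain comparison is deliberately crude.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not from the article). The fields mimic what a
# mail parser would hand to a filter: sender address, subject and plain body.
SAMPLE_MESSAGES = [
    {
        "from": "privacy@example-bank.com",
        "subject": "GDPR: confirm your consent to keep your account",
        "body": "Under the GDPR you must verify your details within 24 hours or "
                "your account will be suspended. Confirm here: "
                "http://example-bank-gdpr-verify.com/login",
    },
    {
        "from": "newsletter@example-shop.com",
        "subject": "Our updated privacy policy",
        "body": "We have updated our privacy policy in line with GDPR. No action is "
                "required. Read it at https://www.example-shop.com/privacy",
    },
]

# Indicator lists are illustrative; a real deployment would tune them from
# observed lures and legitimate notices.
GDPR_TERMS = ("gdpr", "data protection", "consent", "privacy policy")
URGENCY = ("within 24 hours", "immediately", "suspended", "will be deleted", "act now")
CREDENTIAL = ("login", "password", "verify your details", "confirm your account")


def registrable_domain(host):
    """Crude 'last two labels' domain; enough to compare sender vs. link here."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def link_domains(text):
    """Registrable domains of every http(s) URL found in the text."""
    return {
        registrable_domain(urlparse(url).hostname or "")
        for url in re.findall(r"https?://\S+", text)
    }


def score_message(msg):
    """Return (score, reasons): one point per phishing trait observed."""
    text = (msg["subject"] + " " + msg["body"]).lower()
    sender_domain = registrable_domain(msg["from"].split("@")[-1])
    reasons = []
    if any(term in text for term in GDPR_TERMS):
        reasons.append("gdpr-themed lure")
    if any(term in text for term in URGENCY):
        reasons.append("urgency pressure")
    if any(term in text for term in CREDENTIAL):
        reasons.append("asks for credentials or details")
    foreign = {d for d in link_domains(msg["body"]) if d != sender_domain}
    if foreign:
        reasons.append("links to a domain other than the sender: "
                       + ", ".join(sorted(foreign)))
    return len(reasons), reasons


def triage(messages, threshold=3):
    """Flag each message as suspicious when it shows at least `threshold` traits."""
    results = []
    for msg in messages:
        score, reasons = score_message(msg)
        results.append((msg["subject"], score >= threshold, reasons))
    return results


if __name__ == "__main__":
    for subject, suspicious, reasons in triage(SAMPLE_MESSAGES):
        print(f"{'SUSPICIOUS' if suspicious else 'ok        '} | {subject}")
        for reason in reasons:
            print(f"    - {reason}")
```

A GDPR mention alone scores one point, so a genuine privacy-policy notice passes; the constructed lure trips all four checks. The threshold of three is an assumption for this example, and the link-domain check is the strongest single signal, since a legitimate notice normally links back to the sender's own domain.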