In Ireland the police (Gardai) have warned the public to be extra diligent ahead of the introduction of the new European Union data protection legislation, the General Data Protection Regulation (GDPR), this Friday May 25.
With the influx of emails from companies seeking authoriztion to continue emailing their clients the authorities are concerned that cyber criminals will see this as an ideal opportunity to try and illegally gain access to private data.
Gardaí say that they have already been in receipt of a number of inquiries that indicate fake emails have been sent to individuals that claim to be from Airbnb asking customers to update details in order to continue their agreement. These imitation notices will ask users to confirm login or personal information using Internet links so that they can continue to use the service.
Tthere are strict GDPR rules in relation to the manner in which personal data is gathered, stored and used by companies – with fines of up to €20m applying for breaches.
A Garda spokesperson said: “Recent enquiries have already identified a string involving the sending of fake notices which allege to be from Airbnb asking customers to update details in order to continue their agreement”.
It went on to ask anyone reviewing a GDPR notice to be extremely careful that the notice is genuine and not an attempt at hacking or cyber crime. They reminded individuals that banks will not seek to have information verified in this fashion stating “Banking institutions never ask for personal information via email. If you receive one delete it and report it to your bank or financial institution”. If anyone experiences a phishing attempt like this they should contact their local Garda station immediately.
The Garda National Cyber Crime Bureau has issued the following guidelines for dealing with GDPR email notices:
- Be wary of replying to unsolicited emails
- Be sure you have an agreement in place with the service sending you the email
- Ensure the sender email address is genuine and from the provider
- Make sure The link (URL) within the email is genuine by either hovering over it to see it links to where it claims to or by reviewing the page it leads to and its contents
- Contact the service provider or organisation and confirm that they broadcasted the email;
- Do not share banking or financial information