So far, they have identified one that claims to come from Airbnb.
Gardaí are warning Irish internet users to keep an eye out for a new series of GDPR phishing emails doing the rounds.
With the new General Data Protection Regulation set to arrive on 25 May in the EU, regulation which requires online customers to update their personal user agreements with service providers, Gardaí have become aware of cybercriminals attempting to exploit this opportunity.
There have been several reported cases of false GDPR notices being sent to customers asking them to confirm login or personal information via online links so that they can continue to use the service provided. Although there have been no reported incidents in Ireland to date, several have been reported across Europe.
However, Gardaí have already identified one string involving the sending of fake notices, which claim to be from Airbnb asking customers to update details in order to continue their agreement.
Clicking into any such fake or fraudulent links within a phishing email could result in users having their emails harvested for marketing/junk campaigns, being redirected to fake or infected sites for watering-hole attacks, malicious attachments which appear to be GDPR related, or submitting private information, such as credit card details, bank details or passwords.
The Garda National Cyber Crime Bureau has issued advice to users who may have received an email or link, in which you are asked to give personal or financial details:
- Be careful before responding to unsolicited emails.
- Make sure you have an agreement with the service sending you the email.
- Ensure that the email address used to send you the message is genuine and from the provider.
- Check if the link within the email is genuine by either hovering over it to ensure it leads to where it says it does, or by checking the page it leads to and its contents.
- If still unsure, contact the service provider or organisation and confirm that they sent the email.
- Never supply banking or financial information via email.
Banking institutions never ask for personal information via email. Gardaí advise that if you receive one delete it and report it to your bank or financial institution.
All incidents of phishing or theft of personal information should be reported to your local Garda Station with a copy of the original email you received.
