Warning: scammers using GDPR emails to steal your data
Love them or loathe them, data protection emails requesting you to confirm you’re happy to receive company emails are coming in thick and fast.
They’re the result of the new GDPR rules which come into effect this Friday 25 May, replacing the current Data Protection Act.
The new law aims to give people more control about how their data is used, shared and stored and requires companies to be more accountable and transparent about how your data is used.
But fraudsters are using these emails to gain valuable personal details from recipients.
Action Fraud reported that scammers are sending fake NatWest GDPR emails, claiming that accounts will be ‘terminated’ if customers don’t update their records.
The ‘review and update’ link in the email leads to a phishing website designed to steal personal and financial information.
As such, the charity lists the following ways to spot whether a GDPR email is fake or genuine:
- If the spelling, grammar, graphic design or image quality is poor quality. They may use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.
- If they know your email address but not your name, it’ll begin with something like ‘To our valued customer’, or ‘Dear…’ followed by your email address.
- The email address doesn’t look right; authentic website addresses are usually short and don’t use irrelevant words or phrases. Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo.
- Money’s been taken from your account, or there are withdrawals or purchases on your bank statement that you don’t remember making.
If you think you’ve fallen victim to a scam, report it online to Action Fraud or call 0300 123 2040.