GDPR scam: hackers want to steal your data

Hackers are exploiting the wave of emails about the GDPR coming into force, sending fake messages that pose as the Airbnb service in order to steal our data.

Phishing is once again a danger for European Internet users. An as yet unidentified group of cyber criminals has set up a campaign to steal users' credit card data. To lure people into the trap, the messages are disguised as a notice about the new European General Data Protection Regulation.

The GDPR will come into force on May 25, 2018, and will give users and consumers more control over the personal data they enter on the Web. Ahead of the Regulation's entry into force, many online sites and services are sending out emails informing Internet users of updates to their terms of use. Cyber criminals are starting to exploit this mass of email notices to their advantage, and the result is an online scam. In practice, the hackers send fake GDPR notices that pose as messages from online booking services. The user is asked to update their data and ends up handing all the confidential information about their credit card to the attackers.

Beware of Airbnb emails

This GDPR phishing campaign was discovered by RedScan, a company active in the cybersecurity sector. Specifically, the cybercriminals send phishing emails pretending to be the customer service of Airbnb, a vacation rental service used in Italy (but also worldwide). In the scam emails, the cyber criminals inform users that, due to changes in the privacy policy, their profile is no longer active. To reactivate it, the user has to click on a link at the bottom of the email and provide personal data and a credit card number. Although the site you "land" on is very similar to the original one, it is a scam: no online service would ever ask you to reactivate your account by following this procedure.

How to defend yourself from fake emails about GDPR

These days we will receive many emails about privacy policy updates related to the GDPR. Airbnb, for example, really is sending out such emails, so you must be very careful. The company, through its official channels, has released a statement to help users defend themselves from the scam attempt. "These emails are a brazen attempt to use the consumer's trusted brand to try to steal user details and have nothing to do with Airbnb. We encourage anyone who has received a suspicious email to report it to our Trust and Safety team at [email protected], who will investigate thoroughly." Airbnb, through its help center, provides useful information on how to identify a fake email, and works with external partners to report and remove fake sites.

More broadly, recognizing scam emails is easier than you might think. The services we use online inform us about the GDPR coming into effect with much longer messages, which explain the reason for the initiative and every detail of what will change in the protection of our data. In addition, there is no need to re-enter any information on our profile: we just click on the link to be redirected to our personal page and accept the changes. Beware of the domain used in the email: the scam was spread from @mail.airbnb.work, but the official address of the service is @airbnb.com.
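
The domain check described above can be automated in a mail filter. The following Python sketch is an added example, not code from Airbnb or RedScan: it assumes the only official domain is the @airbnb.com named in this article, and every address other than the mail.airbnb.work domain is constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the allowlist holds only the official domain named in the article.
OFFICIAL_DOMAINS = {"airbnb.com"}
BRAND = "airbnb"


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header):
    """Classify a From header against the official domain list.

    official      - the domain is an official domain or a subdomain of one
    lookalike     - the brand string appears in a domain that is not official
    brand-in-name - only the display name mentions the brand
    unrelated     - the brand is not mentioned at all
    invalid       - no usable address in the header
    """
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    for official in OFFICIAL_DOMAINS:
        # Match on a label boundary so "myairbnb.com" or
        # "airbnb.com.example.net" cannot pass as official.
        if domain == official or domain.endswith("." + official):
            return "official"
    if BRAND in domain:
        return "lookalike"
    display_name, _ = parseaddr(from_header)
    if BRAND in display_name.lower():
        return "brand-in-name"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers; only mail.airbnb.work comes from the article.
    for header in ("Airbnb <noreply@mail.airbnb.work>",
                   "Airbnb <noreply@airbnb.com>",
                   "Airbnb Customer Service <notice@example.net>"):
        print(f"{classify_sender(header):14} {header}")
```

An "official" result only means the visible address looks right; the From header can be forged, so it does not replace the SPF, DKIM and DMARC checks performed by the mail provider.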