{"id":22517,"date":"2018-05-29T03:38:55","date_gmt":"2018-05-29T07:38:55","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=22517"},"modified":"2019-11-15T06:36:50","modified_gmt":"2019-11-15T11:36:50","slug":"apple-gdpr-phishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/apple-gdpr-phishing\/22517\/","title":{"rendered":"GDPR bustle: Even scammers have new privacy policies"},"content":{"rendered":"<p>Recently, you\u2019ve probably been drowning in messages from every service you\u2019ve ever used informing you of changes to privacy policies and the need to resubscribe to their newsletters in order to carry on receiving them.<\/p>\n<p>No, it\u2019s not an international flash mob of global companies \u2014 they\u2019re just trying to fall in line with the EU\u2019s new General Data Protection Regulation (GDPR), which came into force on May 25, 2018.<\/p>\n<p>The GDPR applies to all companies operating in the territory of the EU, and requires them to handle user data responsibly, which includes storing it securely, not transferring it to anyone without the user\u2019s permission, and providing timely notifications about leaks if they happen.<\/p>\n<p>What\u2019s more, companies do not have the right to send messages to users without their consent. That\u2019s why your mailbox is full of resubscription requests \u2014 services are keen to keep sending you stuff, but can\u2019t do so without that OK from you, which they are desperately trying to get.<\/p>\n<h3>GDPR fraud<\/h3>\n<p>Cybercriminals sniffed out a perfect opportunity to harvest plenty of user data from this situation.
After all, millions of people worldwide are blindly clicking \u201cYes, I agree\u201d in countless messages and entering personal info on multiple sites without a second thought.<\/p>\n<p>For example, we came across a mailshot seemingly on behalf of Apple menacingly informing recipients that their Apple ID is locked and set to be deleted in three days unless they fill out a form to confirm their account information.<\/p>\n<p>Apple is unable to confirm your billing details, the message said, and this allegedly violates the company\u2019s security policy. Your account is frozen and will be deleted within three days, continued the warning, unless you follow the link and enter your data.<\/p>\n<p>This, of course, has nothing to do with Apple. Just plain <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/phishing\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">phishing<\/a>.<\/p>\n<p>The authors of the mailshot employed the oldest social engineering trick in the book: intimidation. Afraid of parting company with such a precious account, the less savvy user panics and acts rashly, entering data in places where they shouldn\u2019t. Such scams are as effective as they are numerous, i.e.
very.<\/p>\n<div id=\"attachment_22522\" style=\"width: 983px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/05\/29033819\/apple-gdpr-phishing-screen1.png\"><img decoding=\"async\" aria-describedby=\"caption-attachment-22522\" class=\"size-full wp-image-22522\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/05\/29033819\/apple-gdpr-phishing-screen1.png\" alt=\"\" width=\"973\" height=\"670\"><\/a><p id=\"caption-attachment-22522\" class=\"wp-caption-text\">Example of a GDPR-related phishing email on behalf of Apple<\/p><\/div>\n<h3>How to spot phishing<\/h3>\n<p>If you keep a cool head, it\u2019s fairly easy to see that you\u2019re being phished. Let\u2019s take a closer look at this Apple ID-related message.<\/p>\n<p>In most cases, it\u2019s possible to determine that it\u2019s fraud even without opening it. For example, look at the sender\u2019s address in the <b><strong>From<\/strong><\/b> field and the topic in the <b><strong>Subject<\/strong><\/b> field (see screenshot). There is something obviously fake about a long email address containing generic words and a sequence of numbers, especially when you know that all legitimate messages about the Apple ID account come from appleid@id.apple.com.<\/p>\n<p>The message subject also contains strange numbers that don\u2019t make any sense. Spammers use them to create information noise and make the message look unique. Also pay attention to the <b><strong>RE<\/strong><\/b> tag, which means that the received message is a reply to a message that you sent. This is highly suspicious if you never wrote to this company (again, this is done to bypass spam filters).<\/p>\n<p>If the subject and sender\u2019s address aren\u2019t enough, an analysis of the message text should dispel all doubts. 
No self-respecting company in possession of your personal data will ever address you using your email address instead of your first and last names.<\/p>\n<p>Another way to recognize a fraudulent email is to look at the address of the link that you are being asked to follow. If you hover the mouse cursor over the text of the link, the address it points to will appear nearby or in the bottom-left corner of the browser window. It should not contain any strange domains or short links, such as bit.ly or similar.<\/p>\n<h3>How to protect your data<\/h3>\n<ul>\n<li>Never enter personal data on suspicious sites. All actions involving personal data should be performed on official company websites.<\/li>\n<li>Before clicking on a link in a message and agreeing to provide personal information, make sure that the message is genuine. Check the sender\u2019s address, subject, and text for anything untoward. If something looks odd, don\u2019t click on anything. Contact the technical support team of the service in whose name the message was sent. They will help clarify the situation.<\/li>\n<li>Use a reliable security solution, such as <a href=\"https:\/\/www.kaspersky.com\/internet-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kismd___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a>, with anti-spam and anti-phishing components.
It will sift out dubious messages and give warning of suspicious links.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>How scammers are exploiting the GDPR fuss to extract personal data.<\/p>\n","protected":false},"author":2481,"featured_media":22518,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[14,2013,2951,363,76,726,240,422],"class_list":{"0":"post-22517","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-apple","9":"tag-gdpr","10":"tag-mailings","11":"tag-personal-data","12":"tag-phishing","13":"tag-scam","14":"tag-spam","15":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/apple-gdpr-phishing\/22517\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/apple-gdpr-phishing\/13413\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/apple-gdpr-phishing\/11189\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/apple-gdpr-phishing\/15468\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/apple-gdpr-phishing\/13734\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/apple-gdpr-phishing\/15781\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/apple-gdpr-phishing\/20649\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/apple-gdpr-phishing\/10558\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/apple-gdpr-phishing\/10951\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/apple-gdpr-phishing\/9300\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/apple-gdpr-phishing\/16885\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/apple-gdpr-phishing\/16631\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/apple-gdpr-phishing\/20349\/"},{"hreflang":"en-za","url"
:"https:\/\/www.kaspersky.co.za\/blog\/apple-gdpr-phishing\/20344\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2481"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=22517"}],"version-history":[{"count":6,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22517\/revisions"}],"predecessor-version":[{"id":29717,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22517\/revisions\/29717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/22518"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=22517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=22517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=22517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}