Phishers are using scam emails that leverage the European Union’s General Data Protection Regulation (GDPR) as a theme in an attempt to steal users’ information, a security firm found.
Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which came from the fake domain “@mail.airbnb.work” as opposed to the legitimate “@airbnb.com,” addressed the recipient as an Airbnb host and said they could not accept new bookings or send messages until they agreed to a new Privacy Policy that reflects changes introduced by GDPR. As quoted by ZDNet, the message read as follows:
This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies.