
Beware GDPR email scams, which can be dangerously easy to fall for

The GDPR compliance deadline on May 25 could be a godsend for opportunistic cybercriminals, security experts have warned.

Earlier this month, cybersecurity firm Redscan discovered a worrying new phishing attack that takes advantage of the uncertainty surrounding GDPR compliance.


In essence, people are receiving countless messages about incoming privacy changes from a multitude of companies, and some of them might not be genuine.

In a recent case, Redscan found that hackers have been attempting to trick people into clicking malicious links and giving away their personal information, by posing as Airbnb’s customer support team.

The email told recipients that they needed to update their personal information, by following a link to a malicious site, in order to be able to continue using Airbnb.

“The irony won’t be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people’s data,” said Mark Nicholls, Redscan’s director of cybersecurity.

“Reported phishing attacks on customers of Airbnb is just the tip of the iceberg. No doubt hackers will be repeating the approach with other brands, doing so right up until the GDPR implementation and probably beyond.

“The window of opportunity for social engineering attempts is often short and criminals are unlikely to pass up the opportunity to trick unsuspecting account holders”.

To add to the confusion, the fake Airbnb emails look convincing. Furthermore, Airbnb has been sending users genuine messages about privacy policy changes, and asking them to follow links in these emails to review them.

Genuine privacy email from Airbnb

Fake privacy email from criminals

“These emails are a brazen attempt at using our trusted brand to try and steal users’ details, and have nothing to do with Airbnb,” the company said.

“We’d encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on, who will fully investigate.”

To protect yourself, Redscan says you should first check for signs that the sender is who they claim to be.

“Fake addresses won’t use a real brand’s official domain, they will often use a bogus variation intended to look legitimate e.g. as opposed to,” it says.

“If you’ve opened an email and you’re still unsure, look for branding inconsistencies (font, logos, colours) and spelling errors, all of which may indicate that scammers are trying to copy a real brand.”
