Businesses are being hit with a new email phishing scam: One that purports to be a warning about GDPR compliance.
The objective is to harvest credentials, according to Security Boulevard report, based on research by Area 1 Security.
“The phish uses a classic tactic of creating a false sense of urgency to fool recipients into complying with the request,” researchers say, Security Boulevard reports.
The researchers say the attacker lures targets under the pretense that their email security is not GDPR-compliant and requires immediate action. The spoofed emails look like an automated message from a firm’s security department, the report says.
However, those who are wise to phishing may spot typos and other signs that the email is part of a phishing scam.
Failure to see these issues, or to employ an adequate security system, could result in delivery of malware that harvests a user’s password, the report adds.
The phishing emails spoof company emails, and in some cases, senior executives.