A GDPR-related spam campaign has been identified in which phishers send out fake GDPR compliance reminders in an attempt to trick unsuspecting recipients into handing over login credentials.
This campaign was initially identified by researchers at the cybersecurity group Area 1 Security. They detailed how the attack involves phishers sending an alert notification to a distribution list of company email addresses that they possibly purchased from a vendor on the black market.
An Area 1 representative stated: “The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message.”
They went on: “On the second day of the campaign the attacker began inserting SMTP HELO commands to tell receiving email servers that the phishing message originated from the target company’s domain, when in fact it came from an entirely different origin. This is a common tactic used by malicious actors to spoof legitimate domains and easily bypass legacy email security solutions.”
If one of the recipients were to visit the website included in the email, they would be brought to a web page loaded with malware and phishing lures. This website would steal their login credentials and allow access to their company email account. After this, the email addresses can be leveraged to spread the campaign further within that company, resulting in even more cyber crime. The phishing website is hosted on a compromised, outdated WordPress website.
Another characteristic of this campaign is that the URL has a degree of personalization, as the email address of the recipient (target) is auto-completed in an HTML form on the malicious webpage. In addition, the username field and the email address field are filled out with the correct address (found in the URL’s “email” parameter). Such precision can persuade recipients that the website they are viewing is genuine and result in them supplying login details.
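The two traits described above, a HELO name that claims the recipient's own domain and a link that carries the recipient's address in its query string, can both be checked at the mail gateway. The Python below is an added example, not code from Area 1 Security or SpamTitan; the function names, the Postfix-style Received line, the sample URL and the address ranges are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Postfix-style trace line: "from <HELO name> (<rDNS> [<client IP>]) by ..."
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\S*\s*\[([0-9A-Fa-f:.]+)\]\)")

def prefilled_links(body, recipient):
    """URLs whose query string or fragment carries the recipient's own address."""
    rcpt, hits = recipient.lower(), []
    for raw in URL_RE.findall(body):
        parts = urlsplit(raw.rstrip(".,)"))
        # parse_qsl percent-decodes, so email=alice%40example.com is caught too
        pairs = parse_qsl(parts.query) + parse_qsl(parts.fragment)
        if rcpt in [value.lower() for _, value in pairs]:
            hits.append(parts.geturl())
    return hits

def helo_spoofs_own_domain(received, own_domain, own_networks):
    """True when the HELO name claims our domain but the client IP is not ours."""
    m = RECEIVED_RE.search(received)
    if not m:
        return False
    helo = m.group(1).lower().rstrip(".")
    try:
        client = ipaddress.ip_address(m.group(2))
    except ValueError:
        return False
    claims_us = helo == own_domain or helo.endswith("." + own_domain)
    is_ours = any(client in ipaddress.ip_network(n) for n in own_networks)
    return claims_us and not is_ours

# Constructed sample message (documentation domains and address ranges only)
SAMPLE_RECEIVED = ("from example.com (unknown [203.0.113.45]) "
                   "by mx1.example.com (Postfix) with ESMTP id 4F1C2A0")
SAMPLE_BODY = ("Your email security is not GDPR compliant. Act now: "
               "http://compromised-site.example/notice/?email=alice%40example.com")
OWN_NETWORKS = ["192.0.2.0/24"]  # assumed outbound mail ranges of example.com

if __name__ == "__main__":
    print(prefilled_links(SAMPLE_BODY, "alice@example.com"))
    print(helo_spoofs_own_domain(SAMPLE_RECEIVED, "example.com", OWN_NETWORKS))
```

Legitimate newsletters also embed the recipient's address in unsubscribe links, so the link check works best as one signal scored alongside the HELO mismatch and SPF/DMARC results.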
To prevent attacks like this, you should install a cybersecurity solution like SpamTitan. SpamTitan is a powerful cybersecurity package that stops phishing emails at source, preventing dangerous messages from landing in mailboxes. WebTitan and SpamTitan can be used as part of a free trial of SpamTitan.