A colleague at another company forwarded me an email he’d received, knowing that I’d get a kick out of it. It claimed to be from the UK GDPR Compliance Directory and said that his company was not GDPR compliant. Of course, no such directory exists and this was nothing but a ruse. In fairness, it does look like a professional email. There are no spelling mistakes and no poor grammar. There’s no sense of urgency included (e.g. “You must fix this by tomorrow or else puppies will be harmed.”). The only link would create an email with the subject line of “please send me the GDPR non compliance report” to a “@europe.com” email address. So there is a whiff of legitimacy to this email.
So here it is. I’ve removed the identifying bits from my colleague’s company, but it was his domain name where shown.
The only red flag in this email was the From address. That was a peculiar-looking domain name.
While there was no sense of urgency in the email, obviously the thought of your business having a negative listing isn’t good. Also, this service is apparently “a FREE public service”, so surely it won’t cost anything to be able to make the listing positive. Right?
I’m sure if you clicked that link and sent an email looking for the report, an offer would be made to help you get a positive listing … for a small fee of a few hundred or thousand pounds (this is a UK site after all).
Even without the red flag on the From address, this whole email stank to me. It was simply trying to use a ruse to shame the domain owner into getting in contact to supposedly make their company GDPR compliant. As always, treat any unsolicited email with the contempt it deserves.
If you received anything like this, you can always get in touch with us at info@L2CyberSecurity.com and we will be happy to clarify for free. If you’d prefer an official response, you could contact the Data Protection Commission at https://www.dataprotection.ie/en/contact/how-contact-us
Let’s be careful out there.