Back to News

  • News Alert

WARNING: Heightened alert for phishing scams amid GDPR transition

Published on

May 30, 2018

When there is something new, confusing, and much-hyped on the Internet, you can bet criminals are going to find a way to exploit it.

That is so far the case with the General Data Protection Regulation (GDPR), the data privacy rules for all individuals within the European Union (EU) and European Economic Area that went live Friday.

The primary aim of GDPR is to provide EU citizens and residents more control over their personal data. It is also intended to simplify the regulatory environment for international business by providing a comprehensive, yet uniform, set of regulations. While its aim is to simplify, however, GDPR has been presenting its fair share of problems, especially to U.S. businesses that are still battling with confusion and uncertainty of whether and how GDPR applies to them.

You may have noticed that amid the transition to the new requirements of GDPR, businesses around the world are scrambling to update their privacy notices. As they do, they are flooding our in-boxes, advising us of the changes made to their privacy policies in valid attempts to comply with GDPR. Unfortunately, however, we are now also seeing criminals exploiting this confusion. Industry experts and associations, including those in banking and financial services sectors, are reporting that criminals are now spoofing bank and other businesses with phishing scams relating to GDPR and attempting, at alarming rates, to persuade us to disclose our personal banking and other information.

The same advice applies in these circumstances as it does in all phishing scams. As Pennsylvania Attorney General Josh Shapiro suggests:

  • Never reply to unsolicited e-mails or pop-up messages asking for personal or financial information or requests to “verify” data about your account. Banks, credit card companies, and businesses do not (and should not) send requests for PIN numbers or sensitive information to their customers.
  • Do not call any phone numbers contained in messages purporting to be from your bank or other companies you do business with. Providing sensitive information to strangers by phone is as dangerous as sending it in an e-mail. Also, don’t open any links or documents contained in these messages. They may route you to a bogus website or download a virus onto your computer.

If you have any questions about GDPR or other cybersecurity matters, please reach out to me.

Donald R. Geiter, J.D., M.S.L. (Cybersecurity Law & Policy), CIPP/US, CIPM

Related News

View More News
News Alert
August 13, 2025

Back to School, Back to Work: A Refresher on Employing Minors in Pennsylvania

As Pennsylvania students return to school, it’s time for employers to revisit and reinforce their child labor protections. ...

Learn More
News Alert
August 7, 2025

Pennsylvania Appellate Court Upholds Venue-Selection Clause in Contracts

The Pennsylvania Superior Court recently issued a significant decision reaffirming the principle that parties may, in advance...

Learn More
News Alert
July 24, 2025

The Limitations of E-Verify: What Employers Need to Know

Immigration laws require employers to ensure employees are legally authorized to work in the United States. Over the last few...

Learn More

Other Upcoming Events

View All Upcoming Events
Oct
07
2:30 pm
-
6:00 pm
event
Location

2025 York Business Seminar

Learn More
Oct
14
2:30 pm
-
6:00 pm
event
Location

2025 Harrisburg Business Seminar

Learn More
Oct
30
2:30 pm
-
6:00 pm
event
Location

2025 Lancaster Business Seminar

Learn More

Get in Touch

Our attorneys, paralegals and staff look forward to hearing from you. Please reach out to let us know how we can help.

Get In Touch
RECOGNIZED IN
Super Lawyers
Best Law Firms US News
Best Lawyers