Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

GDPR latest: Fraudsters posing as banks in data protection emails phishing scam

Customers of NatWest among those targeted

Oliver Wheaton
Friday 25 May 2018 13:01 EDT
Scammers are exploiting flurry of General Data Protection Regulation emails to trick customers
Scammers are exploiting flurry of General Data Protection Regulation emails to trick customers (Getty/iStockphoto)

New data laws coming into force are being used by scammers to steal personal information, police have warned.

Customers of NatWest are among those targeted by the scammers, who have been sending fraudulent emails claiming to be from the bank.

Companies have been contacting their customers to give reassurance that they are adhering to the new General Data Protection Regulation laws. In addition, many companies are asking customers if they are happy to continue receiving emails.

However scammers have created fake emails telling customers their accounts could be terminated if they do not update their records, at which point they are directed to a site which steals any data they input.

These phishing scams are usually perpetrated to gain access to victims’ bank accounts.

Action Fraud have released a statement confirming that banks will never ask for a pin, password or memorable information by text or email.

The agency has also pointed out that fraudulent GDPR emails will often contain poor spelling or grammar, as well as sub-quality design you would not expect in a legitimate email from a bank.

Fake emails might also fail to address you by name (instead starting with “Dear friend” or “Dear customer”) or could come from a strange email address, such as a Gmail or Yahoo account.

The new GDPR law brought in on Friday after being passed by the European Parliament forces businesses to actively secure consent before using customers’ personal data such as their name, phone number and email address.

Having been enshrined in the UK’s upcoming Data Protection Bill, the laws will still apply after Brexit and apply to all businesses offering goods or services within the EU.

Several US websites including that of the Los Angeles Times have temporarily been made unavailable in EU counties as a precaution due to the law coming into effect.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in