
Beware, scammers are exploiting GDPR to steal webmasters' data

Ababba2

One point in the GDPR is that if a user visits your site and subsequently requests the removal of any of his or her data saved on your site, the webmaster is obligated to respond to his or her request.

Scammers then mass-email data deletion requests from no-reply addresses, but invite the webmaster to respond to them through a form located on one of their sites.

With this method, the webmaster is obliged to respond to the scammer and confirm that the data has been removed or request more information if he cannot find it, otherwise he ends up in the wrong and runs the risk that the matter may escalate to the privacy guarantor. Moreover, even if the scammer's email might look suspicious, the webmaster cannot be certain and must respond anyway.

Scammers then use forms to steal webmasters' data and more.

I don't know what one can do about this. What do you suggest doing?
 
Ask for proof of ID. Also, why would you respond to someone's email that isn't on your database?
They could register on your site, for example, if you have some sort of registration (like an ecommerce).

But still, I don't know what issue @Ababba2 is asking about. You must answer a spam email for GDPR obligation, but where is the issue? Please delete my data: you delete the data, you answer the email, solved.
Personally, I use a specific email address for these kinds of topics, something like [email protected]

How can this get worse?
 