The GDPR must once again serve as a trap.

Be careful, there are currently emails out there again that want to deceive their recipients. These emails claim to be from Paypal and trick recipients into thinking their Paypal accounts are about to be closed.

The argument for this closure is the new General Data Protection Regulation, which requires you to reconfirm your data again. But be careful, this is a trap, this email was not sent by Paypal but by scammers!

Visually, the email appears in the following form:

Screenshot Mimikama
Screenshot Mimikama

The content of this email is in plain text:

We need your help to avoid having your account closed.

Dear [full name],

Unfortunately, due to a failure to reactivate, which all customers must confirm due to the changes to the EU GDPR, we have to inform you of the impending closure of your PayPal account, as complete confirmation of the verification has not yet been recorded.
We are obliged to carry out this measure due to the new General Data Protection Regulation (GDPR).

Continue to review »

This review has been pending since September 20, 2018 and should be completed as quickly as possible to prevent a complete ban.

Important note: the recipients of this email will be addressed by their full name.

Phishing!

The aim of the email is to irritate the recipients so that they follow the call for the supposed GDPR data comparison and access the link provided in the email. However, this link leads to a phishing trap; in our test case, our protection software directly prevented the creation of a fraudulent website.

Screenshot Mimikama
Screenshot Mimikama

without protection software , a website opens that is based on the PayPal login. A small note at this point: Your own email address can already be seen in the login field on the website. This has already been sent with the link from the email and should now give the impression that you are on a website where you have already entered your data.

Screenshot Mimikama
Screenshot Mimikama

Whoever is behind this fake website - it probably isn't PayPal.

Anyone who provides truthful information on this and the following pages is sending this data directly into the hands of fraudsters! If you give these backers your data, they have the password and therefore access to their victim's account and can now go shopping without restrictions.

That is why the user must be particularly careful about who he gives his personal data to!

I have become a victim – what can I do?

Even with all the caution you can still fall into a trap. Once the password has been given to the fraudsters, you can still prevent something worse from happening:

  1. Contact the company for which your personal user or login information was stolen immediately. Please call customer service to have your account blocked. Banks in particular have a blocking hotline that can be reached around the clock and is available specifically for such and similar cases. Describe your case and your account or user area will no longer be accessible with the old login data.
  2. Log in to your user account and check whether you can still log in. If this is still possible, go immediately to the area where you can change your current login details. Set a new password and, if possible, also change the user name and contact address.
  3. Check immediately whether account changes or transactions have already been made , as criminals are usually very quick. Check whether, for example, goods have been purchased or debits have been made for which you are not responsible. If this is the case, inform the customer service of the respective provider immediately.
  4. Document all abnormalities . Take screenshots, print out bank statements and the phishing email, or forward the email to the company in whose name the cybercriminals sent the phishing email.
  5. Contact a lawyer who specializes in internet fraud , describe your case and submit all documents related to the fraud. You should contact the lawyer even if you have not yet reported any damage.
  6. 2 -factor authentication (if offered) prevents access even if fraudsters have obtained the access data through phishing.

By the way, there is also hope in phishing that stolen funds, for example from online banking, will be replaced by banks. The basis for this is the Civil Code. According to § 675u BGB, payment service providers are obliged to replace the stolen payment amounts in the event of unauthorized payment transactions. However, this only applies if the person concerned has fulfilled their duty of care. Further information on the legal basis in the event of damage can be found here .


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )