Fraudsters, sometimes going so far as to usurp the identity of the CNIL, put pressure on professionals and individuals by making them believe that they are not respecting the rules of the GDPR.
The National Commission for Computing and Liberties (CNIL) warns of the recent resurgence of scams linked to the GDPR, the General Data Protection Regulation implemented in Europe five years ago.
GDPR as leverage
“The CNIL has been informed of a wave of fraudulent calls targeting professionals (in particular hoteliers and tobacconists), but also individuals”says the organization.
On its website, the CNIL gives some advice to recognize and guard against this type of scam. She reminds us that a scam can take several forms:
- “False letters, faxes or emails using terms or symbols suggesting that the message is sent by the CNIL or another French or European institution (logo of the CNIL or another institution, tricolor flag, Marianne, European emblem, etc. .)”
- “Calls from people posing as CNIL agents or companies acting on behalf of the CNIL (with, in some cases, the fraudulent display of the CNIL telephone number 01 53 73 22 22)”.
The last active campaign in progress favors this second method.
The CNIL will never ask for your bank details
The CNIL has identified three major operating methods. In some cases, these may be canvassing companies, which will target professionals with the aim of selling fake GDPR compliance assistance services, sometimes with aggressive language.
People can also try to impersonate CNIL agents or companies mandated by the CNIL. Again, the goal is to sell paid GDPR compliance assistance services, brandishing the threat of legal action or a hefty fine.
The last situation you may be confronted with concerns individuals who have already been victims of a first scam, to whom it is proposed to be reimbursed for sums previously paid.
The CNIL specifies that you should not “never proceed to the payment of a sum of money under the threat of a financial sanction or legal action” and never provide your bank details. Under no circumstances does the CNIL itself request payment or banking information, whether for professionals or individuals.
Source : CNIL
1