[Update – June 2019: A new and different email is now doing the rounds, entitled “To the Owner of www.insertyourwebsitehere. Required by Law. You are Not Registered as a Data Protection Officer.” This is far more threatening in tone and we’ve updated this article – just scroll down]
This month we are reporting on another email scam, designed to persuade the SME community to part with hard-earned cash for nothing.
Headed “To The Data Protection Officer – Your Special Membership Invitation.”, the email this time claims to come from “The UK Association of Data Protection Officers”. However, a quick check online establishes that there is no such body and, from our research, they don’t appear to hold any type of authority.
The email they send promises a lot but there are a number of issues with it.
Firstly, it’s missing all of the usual elements that you’d expect to see in an email, such as a contact address, a legitimate email address or a link to a website. That’s right, they don’t even appear to have a website.
They are offering ‘special membership’ for only £79+VAT, but in the absence of a legitimate VAT registration number, how can you tell that they are VAT registered?
The email offers a great many benefits including the right to put the letters DPOA after your name, but sadly that stands for ‘Durable Power of Attorney’ so probably not useful if you are in the Data Protection game.
The irony of all this is that they are hoping to snag people who are in charge of data protection by getting them to send an email to an undisclosed email address and then parting with their personal details!
The email in full reads like this:
Dear Data Protection Officer,
As a registered Data Protection Officer we would like to formerly invite you to become a member of the
UK Association for Data Protection Officers!
With over 450,000 registered Data Protection Officers (DPO) you will be part of an ever growing association that will give you many benefits and privileges!
Special Membership Offer
For a limited period only we would like to offer you a special full membership offer of
ONLY £79 + vat
*Normally Our yearly membership fee is £150 + vat per year
Our members have found that being a member of our association has greatly helped them fulfill their role as a Data Protection Officer.
Having the ability to communicate with other DPO’s, use the DPO forum, get the help and advice they need from both the Association and other UK DPO’s has helped them keep up to date with all the new GDPR compliance laws and solve security issues that really do effect you and your role as a DPO!
Here are some of the benefits of being a member of the
UK Association of Data Protection Officers:
*FREE Ongoing GDPR compliance training
*FREE On going Cyber Security Staff Training Videos
*FREE and full access to our GDPR Help line
*FREE use of our bespoke GDPR Compliance Software (CSEL)
*FREE access to our Members Forum
*GDPR Compliance Legal Advocacy
*Monthly GDPR Newsletter
*Certificate of Membership
*DPOA Letters after your name
*Discounts on all Association Conferences and Events.
and much, much MORE!
The benefits of being a member of the UK Association of Data Protection Officers speak for themselves!
Please PRESS HERE and we will send you more information about our Association and the benefits of membership.
The UK Association of Data Protection Officers
“The UK’s formost DPO Association”
This is a B2B communication. If this is sent in error please accept our apologies
The more astute amongst you will notice that the whole communication is riddled with grammatical and spelling errors (formost, fulfill and formerly are all stand-out howlers…). This lack of attention to detail is typical of scams emanating from non-English speaking countries and a standard characteristic of many of these scam emails.
The email to which they want you to send your details is email@example.com which, of course, does not link or correspond to any website. If you were to send an email to this address we expect that, as well as being directed to a portal where they would harvest your card details, your email address would be added to their ‘gullible’ list and you would find yourself the recipient of an avalanche of this type of scam email.
Behind the scenes, in the message headers, you can find that they are using a Hotmail account, which is firstname.lastname@example.org, and from the same headers you can see:
X-AntiAbuse: Primary Hostname – server.vectondataservers.com
X-AntiAbuse: Sender Address Domain – qualisdatacorps.info
X-Get-Message-Sender-Via: server.vectondataservers.com: authenticated_id: email@example.com
X-Authenticated-Sender: server.vectondataservers.com: firstname.lastname@example.org
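A header check along the lines described above, added here as an example and not part of the original article: it parses a message and compares the displayed From domain with the Reply-To domain and with the X-AntiAbuse and X-Authenticated-Sender values recorded by the sending server. The sample message is constructed, every address and hostname in it is a placeholder, and the FREEMAIL list is an illustrative assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative, not exhaustive; "freemail.example" is a constructed stand-in.
FREEMAIL = {"hotmail.com", "outlook.com", "gmail.com", "freemail.example"}

# Constructed sample: header names as in the article, all values are placeholders.
SAMPLE = """\
From: UK Association of Data Protection Officers <info@ukadpo.example>
Reply-To: membership@freemail.example
Subject: Your Special Membership Invitation
X-AntiAbuse: Primary Hostname - server.hosting.example
X-AntiAbuse: Sender Address Domain - bulk-sender.example
X-Authenticated-Sender: server.hosting.example: mailer@bulk-sender.example

Dear Data Protection Officer, ...
"""

def domain_of(address):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def sender_report(raw):
    """Compare the displayed sender with what the sending server recorded."""
    msg = message_from_string(raw)
    anti = {}
    for value in msg.get_all("X-AntiAbuse", []):
        # "Name - value"; accept a typographic dash as well as a hyphen.
        parts = re.split(r"\s[-\u2013]\s", value, maxsplit=1)
        if len(parts) == 2:
            anti[parts[0].strip().lower()] = parts[1].strip().lower()
    auth = msg.get("X-Authenticated-Sender", "")
    report = {
        "from_domain": domain_of(msg.get("From")),
        "reply_to_domain": domain_of(msg.get("Reply-To")),
        "envelope_domain": anti.get("sender address domain", ""),
        "auth_domain": domain_of(auth.rpartition(":")[2]),
        "relay_host": anti.get("primary hostname", ""),
    }
    findings = []
    for field in ("reply_to_domain", "envelope_domain", "auth_domain"):
        if report[field] and report[field] != report["from_domain"]:
            findings.append(f"{field} {report[field]} differs from From domain")
    if report["reply_to_domain"] in FREEMAIL:
        findings.append("replies go to a free webmail account")
    report["findings"] = findings
    return report
```

A message whose From, Reply-To and authenticated sender all share one domain produces an empty findings list; each mismatch is a reason to treat the displayed sender name with suspicion.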
If you are in receipt of one of these emails, as always the advice is to mark it as spam and delete it.
DO NOT open it and DO NOT give them your details. Stay safe out there and be aware online.
Update June 2019
A new email is doing the rounds and this is what it now says:
To the Owner of www.insertyourwebsitehere. Required by Law. You are Not Registered as a Data Protection Officer.
Notification from the
UK Data Protection Officers Directory
To the owner of www.insertyourwebsitehere
After checking the ICO Data Protection Officers Register it has come to our attention that you have not yet appointed a Data Protection Officer for your company.
As of May 25th 2018 by law you must appoint a Data Protection Officer for your company who is responsible to oversee the security of your client data and to be responsible to report any data breachs to the Information Commissioners Office (ICO).
Failure to do this can result in fines, prosecution and litigation.
Without having a registered Data Protection Officer (DPO) you are not GDPR compliant.
Depending on the size and type of your business you may or may not need to be registered as a Data Protection Officer.
As a FREE public service we can send to you a simple questionnaire that takes just two minutes to complete that will tell you definitively if your company needs to register a Data Protection Officer or not.
Also if you need to register, it will advise you how to register correctly as a Data Protection Officer with the Information Commissioners Office (ICO).
Request the Questionnaire
To request the questionnaire please PRESS HERE and we will send the questionnaire to you.
There is no need to reply to this email.
Disclaimer: This communication is not a business communication and can be legally sent. There is no personal data involved with this communication. The UK Data Protection Officers Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.
The worrying part is that this appears legitimate but in fact preys on a little bit of ignorance.
First of all, there is the ability to check the ICO Data Protection Officers Register but you need to put in a company name or at least some details first to be able to do this.
The Register will show you if you are registered with the ICO or not, but not whether you need to appoint a Data Protection Officer. If you want to find that detail you can do it yourself, for free, on the ICO website.
The email states “Without having a registered Data Protection Officer (DPO) you are not GDPR compliant.” but of course this is nonsense.
As with the earlier email, it also contains some really creative spelling (see ‘breachs’ above) and the main aim is to trick you into sending your email address to them (see the big PRESS HERE link).
The email address you would be replying to is email@example.com and the subject asks them to send you a questionnaire. Not only does this tell them that your email address is a valid one (cue hundreds of other scam emails) but also that you will respond to a scam. Moreover, if you fill in their questionnaire it will undoubtedly lead you to something where you have to pay for a service that is currently free.
This information is freely available from the ICO, and if you need to find out whether you are required to appoint a Data Protection Officer they make it really easy to do so at this URL: https://ico.org.uk/for-organisations/does-my-organisation-need-a-data-protection-officer-dpo/
Don’t be fooled into paying for something like this. It’s money for nothing.