The "GDPR Notification from the UK Non Compliance Register" Scam

2nd email:

"UK Data Protection Officers Directory info@ukdpod.com via aweber.com

10:51 (13 minutes ago)

to me

UK Data Protection Officers Directory

For the owner of E****** Plc,

Thank you for your requesting the list/s of qualified Data Protection Officers in your area.

Here are the qualified Data Protection Officers available in your area.

For Data Protection Officer and GDPR compliance assistance please contact the Data Protection Officer/s below:

Name:

Graham Goodman FDPOA

Qualifications:

Fellow of the Data Protection Officers Association (DPOA) www.thedpoa.com with 16 Years in IT and Data Protection Management

Current Job Title:

Data Protection Officer Manager for Rockwell Data corp. www.rockwelldatacorp.com

Time with company:

15 Years

Telephone:

07704 293 767

Email:

graham.goodman@rockwelldatacorp.com

There is no need to reply to this email.

Disclaimer: Each Data Protection Officer has been screened by the UK Data Protection Officers Directory but any communication or liability is the responsibility of the communicator and not the UK Data Protection Officers Directory. This communication is not a business communication and can be legally sent. There is no personal data involved with this communication. The UK Data Protection Officers Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.

The UK Data Protection Officers Directory

PO Box 397

London London SW1V 3NX

UNITED KINGDOM

------------------------------------------------------------------

Scan of Rockwelldatacorp:

https://www.hybrid-analysis.com/sample/14b9212b83ab876c71372d88d933ed521c800435e87b8e039aaae04e36c8c923/5d07667d028838bd5e3666aa

This scan is showing evidence of command and control protocols attempts.

Scan of thedpoa.com:

https://www.hybrid-analysis.com/sample/ee17abecf8d8485147d93c470a4a8a3929603d120eab2c9f8441df345697d2bf/5d076ac20388380f673666aa"

No command and control picked up on this one, but still a load of malicious indicators, and a lot more connections to other malicious pages.

The unsubscribe button doesn't look too good either...

Here's what you get if you reply:

"For the owner of Epaton plc. The Data Protection Officer Questionnaire.

Inbox

x

UK Data Protection Officers Directory info@ukdpod.com via aweber.com

10:05 (1 minute ago)

to me

UK Data Protection Officers Directory

For the owner of E***** plc,

Thank you for taking the time to check if you need to be registered as a Data Protection Officer with the Information Commissioners Offcie (ICO)

Please click on the link below to go to the questionnaire to find out if you need to become a Data Protection Officer as required by the GDPR compliance law of 25th May 2018

https://ico.org.uk/for-organisations/does-my-organisation-need-a-data-protection-officer-dpo/

If, after finishing the questionnaire you find that you need to appoint a Data Protection Officer (DPO) for your business or organization YOU MUST review the guild lines for Data Protection Officers.

To do this please click on the link below:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-law-enforcement-processing/accountability-and-governance/data-protection-officers/

This ICO link will explain what are the legal responsibilities for Data Protection Officers and what qualifications they will need BEFORE they are appointed as a Data Protection Officer for your company.

Important: Appointing yourself or someone in your organization who is not properly qualified or who understands the legal obligations of being a Data Protection Officer can lead to serious consequences for you and your business.

Being a Data Protection Officer is a serious responsibility and failure to comply with the standards set can lead to fines and prosecution.

We recommend that you consider appointing a professionally trained Data Protection Officer to perform the tasks required to keep your business and your clients data safe from data breaches.

If you would like a list of qualified Data Protection Officers who are available in your area please press here and we will send this list to you.

There is no need to reply to this email.

Disclaimer: This communication is not a business communication and can be legally sent. There is no personal data involved with this communication. The UK Data Protection Officers Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.

The UK Data Protection Officers Directory

PO Box 397

London London SW1V 3NX

UNITED KINGDOM

Unsubscribe | Change Subscriber Options

It then sends a new email via the press here to guild-of-dpo@europe.com again with 'Please send to me a list of qualified Data Protection Officers' as the subject."

I've replied via a dummy email, they're automatic replies set up so lets see if they send anything malicious over.

From: <non-gdpr-reply@europe.com>

Date: Mon, 17 Jun 2019 at 08:45

Subject: Auto-Reply

Thank you for your request.

We will send your report shortly.

There is no need to reply to this email

I got a scam email from: nongdprcompliance@lancasterdatasender.info

Replied "suck my..." but it bounced back from ukguildofdpo@hotmail.com

scam from: nongdprcompliance@lancasterdatasender.info

The scammers are using this email address:

The GDPR Compliance Directory <nongdprcompliance@qualisdatacorps.info>

Here is another scam:

-----Original Message-----

From: UK GDPR Compliance Directory Notification <nongdprcompliance@lancasterdatasender.info>

Sent: 08 January 2019 02:21

Subject: To the Data Protection Officer of www.langaria.co.uk. You are on the UK GDPR Compliance Directory

Notification from the

UK GDPR Compliance Directory

To the Data Protection Officer of www.langaria.co.uk

It has come to our attention that your company is not GDPR compliant.

As your company is not GDPR compliant as required by the GDPR compliance law passed on 25th May 2018, your company is now being listed on the UK GDPR Compliance Directory with a Negative Listing for not being GDPR compliant.

The public can now search the GDPR Compliance Directory to see if your company can be trusted to store their data securely before they give you their personal data.

The UK GDPR Compliance Directory is a FREE public service that is available to any member of the public to see which companies are GDPR compliant.

Request a report

To see why you have been entered onto the register with a Negative Listing PRESS HERE <mailto:non-gdpr-reply@europe.com?subject=Please send to me the GDPR Non Compliance Report.> and we will send the report to you.

On the report you will see listed why you are NOT GDPR compliant and how to receive a Positive Listing.

It will also detail any potential dangers to you and your company for not being GDPR compliant.

This email has been sent to you as the Data Protection Officer to notify you that your company has a Negative Listing on the UK GDPR Compliance Directory.

There is no need to reply to this email.

Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The UK GDPR Compliance Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.

I have just spoken to someone on the live chat on ICO website as we had same email, they said if you forward your emails onto casework@ico.org.uk then they will investigate as they are the only commissioned office to deal with GDPR

nongdprcompliance@qualisdatacorps.info

Received the same email today from the above, stating we are on a non-compliance register, which is not true

Great to see this scam is being highlighted and shared

Same e-mail. No answered, forwarded to your address above. Thanks for confirmation of dodgy crap.

Received a similarly worded email this morning and it's from nongdprcompliance@qualisdatacorps.info

I've just received that same mail today concerning my website, almost completely written in Spanish).

It was sent to a valid email address, but to a private one -my own email address, not to one of the email addresses listed on my website for a contact or anything else.

Anyone report follow-up from this scam? I'd be very interested to see what happens if someone replies...

you have to love their last line ". It is a pubic service that is free of charge."

Got the same email. 2 email addresses,

nongdprcompliance@lancasterdatasender.info

and

nongpdr-reply@europe.com

Wasted my morning checking to see if it was fake!

Same here...

email sent from zertondatacorpservices.info

email goes to nongdpr-reply@europe.com

Received this email 16th dec 2018. Not nice

Being bombarded with this email :/

We also got this from nongdprcompliance[at]zertondatacorpservices.info. The click here to register link points to an email address:

nongdpr@europe.com

I received a similar thing from gdprnoncompliance2018@hotmail.com

We received the same one from nongdprcompliance@lancasterdatasender.info

Received this:

"Notification from the UK Non Compliance Register.

To the owner of www.

It has come to our attention that your company is not GDPR compliant.

As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register for the UK.

Your company is under review and may be reported to the ICO for non GDPR compliance as required by the GDPR compliance law passed on 25th May 2018

The Non Compliance Register is a FREE public service that is available to any member of the public.

The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.

To see why you have been entered onto the Non Compliance Register PRESS HERE <mailto:non-gdpr-reply@europe.com?subject=Please send to me the GDPR Non Compliance Report> and we will send the report to you.

You will see listed on the report the actions that may now be taken against your company for non GDPR compliance.

This email has been sent to inform you that you are on the UK Non Compliance Register.

There is no need to reply to this email.

Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The Non Compliance Register does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a pubic service that is free of charge."

Received the same fake email from: nongdprcompliance@zertondatacorpservices.info

Here is another scam:

"From: "To the DPO: Pending Action for Non GDPR Compliance" <nongdprcompliance@qualisdatacorps.info>

Date: 14 December 2018 at 05:30:13 GMT

Subject: Action Against the DPO of [] You are on The GDPR Non Compliance Register

Reply-To: "To the DPO: Pending Action for Non GDPR Compliance" <gdprnoncompliance2018@hotmail.com>"

They are also using this email address: nongdprcompliance@qualisdatacorps.info

They are using this email address: nongdprcompliance@vectordataservices.info

Received the same scam:

"From: "To the DPO: Pending Action for Non GDPR Compliance" <nongdprcompliance@lancasterdatasender.info>

Subject: Action Against the DPO of You are on The GDPR Non Compliance Register

Date: 14 December 2018 at 05:42:50 GMT

Reply-To: "To the DPO: Pending Action for Non GDPR Compliance" <gdprnoncompliance2018@hotmail.com>"

They are using this email address: registernoncompliance@hotmail.com

Also received an email from these people but with a different email/domain address

mailto: noncompliance@vectordataservices.info

and guess what the following info appeared on WHOIs:

"Domain Name: VECTORDATASERVICES.INFO

Registry Domain ID: D503300000334750424-LRMS

Registrar WHOIS Server: whois.namecheap.com

Registrar URL: www.namecheap.com

Updated Date: 2018-11-28T23:28:55Z

Creation Date: 2018-11-28T23:21:13Z

Registry Expiry Date: 2019-11-28T23:21:13Z

Registrar Registration Expiration Date:

Registrar: NameCheap, Inc

Registrar IANA ID: 1068

Registrar Abuse Contact Email: abuse@namecheap.com

Registrar Abuse Contact Phone: 1.6613102107

Registrant Organization:

Registrant State/Province: Panama

Registrant Country: PA"

Why would a UK Government agency register their domain name in Panama?

Receive:

"From: "Action Pending Against You: The UK Non GDPR Compliance Register" <noncompliance@zertondatacorpservices.info>

Subject: To the owner of www.thehormonaltherapist.co.uk You are on The GDPR Non Compliance Register

Date: 11 December 2018 11:34:49 GMT

Reply-To: "Action Pending Against You: The UK Non GDPR Compliance Register" <registernoncompliance@hotmail.com>"

Received:

"From: Action Pending Against You: The UK Non GDPR Compliance Register <nongdprcompliance@vectordataservices.info>

Sent: 12 December 2018 09:49

Subject: To the owner of [] You are on The GDPR Non Compliance Register"

Here is another scam:

"From: Action Pending Against You: The UK Non GDPR Compliance Register [mailto:noncompliance@xartondataservice.info]

Sent: 11 December 2018 01:55

Subject: To the owner of You are on The GDPR Non Compliance Register

Notification from the UK Non Compliance Register.

To the owner of

It has come to our attention that your company is not GDPR compliant.

As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register for the UK.

Your company is under review and may be reported to the ICO for non GDPR compliance as required by the GDPR compliance law passed on 25 May 2018

The Non Compliance Register is a FREE public service that is available to any member of the public.

The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.

To see why you have been entered onto the Non Compliance Register PRESS HERE and we will send the report to you.

You will see listed on the report the actions that may now be taken against your company for non GDPR compliance.

This email has been sent to inform you that you are on the non compliance register.

There is no need to reply to this email."

Here is another scam:

"From: Action Pending Against You for Non GDPR Compliance <noncompliance@xartondataservice.info>

Sent: 07 December 2018 16:37

Subject: To the owner of [] You are on The GDPR Non Compliance Register"

Got the same:

-------- Original message --------

From: Action Pending Against You for Non GDPR Compliance <noncompliance@zertondatacorpservices.info>

Date: 08/12/2018 01:45 (GMT 00:00)

Subject: To the owner of [] You are on The GDPR Non Compliance Register

Yep - received exactly the same email from:

"Action Pending Against You for Non GDPR Compliance <noncompliance@lancasterdatasender.info>

To see why you have been entered onto the Non Compliance Register PRESS HERE and we will send the report to you. - The PRESS HERE link opened a new google Tab !!!"

I guess I will just ignore this.

Same scam email from: zertondatacorpservices.info

The majority of emails we get nowadays are related to scams.

This is having such an effect on our business that we are returning to paper-based procedures.

Projecting these problems forward a few years and we will hit a point where email and ebusiness is no longer viable for all companies.

I'm afraid it's long overdue for governments to step in and fully regulate the internet otherwise it will completely fail.

It's a real concern that the UK government are 'making tax digital' when trust in ebusiness systems is rapidly diminishing - take a look at the what the O2 debacle has done to hundreds of small businesses in the last day or two if you think this is OTT.

Received the same via email:

"From: Action Pending Against You for Non GDPR Compliance <noncompliance@zertondatacorpservices.info>

Reply-To: Action Pending Against You for Non GDPR Compliance <registernoncompliance@hotmail.com>"

We've had these being delivered to various obvious contact email addresses like info@ourwebsitename or admin@.... etc.

Haven't followed any link but an obvious hoax because how can they possibly know if we are compliant or not? They don't have access to our in house compliance procedure and they don't even address the issue to the email address that we registered with the ICO.

The problem with this scam would seem that if you did follow a link that worked and entered your company name you are submitting your company to a register that may then be made public. You're effectively filling in the details for the scammers.

Additionally if anyone can access this public register then whenever a name is searched for it will automatically be added to the "non compliance register".

A dirty scam and we can all thank the big companies that made the GDPR law necessary and so costly for the small guys struggling to get a foot in the door.

It's hard enough to comply without having to deal with S**T like this!

I got another one from: noncompliance@qualisdatacorps.info

Here is another scam:

"From: Action Pending Against You for Non GDPR Compliance <noncompliance@vectordataservices.info>

Sent: 07 December 2018 03:46

Subject: To the owner of You are on The GDPR Non Compliance Register

Notification from the UK Non Compliance Register.

To the owner of.

It has come to our attention that your company is not GDPR compliant.

As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register for the UK.

Your company is under review and may be reported to the ICO for non GDPR compliance as required by the GDPR compliance law passed on 25 May 2018

The Non Compliance Register is a FREE public service that is available to any member of the public.

The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.

To see why you have been entered onto the Non Compliance Register PRESS HERE and we will send the report to you.

You will see listed on the report the actions that may now be taken against your company for non GDPR compliance.

This email has been sent to inform you that you are on the non compliance register.

There is no need to reply to this email.

non-gdpr-reply@europe.com"

Received the same email from noncompliance@vectordataservices.info except it also had a link, in the form of 'to see why you have been entered on to the register CLICK HERE'