Yesterday I received two weird SMS messages from Vodafone. They are basically trying to trick me in accepting a contract that is invalidating some of my rights that I will get due to the new European GDPR regulation.
First message:
Buna! Iti oferim cadou 5 GB trafic national,valabil 30 de zile; pentru aceasta te invitam sa trimiti sms la 2713 cu textul DA, pana la 06.04.2018. Astfel iti exprimi acordul de prelucrare a datelor cu caracter personal, inclusiv a datelor de localizare. Doar asa vom putea sa-ti trimitem oferte personalizate si in viitor, prin intermediul mesajelor scrise si electronice. Detalii privind modul de prelucrare a datelor aici Iti poti modifica oricand acordul, prin apel la *567.
This first message basically tells that I will get 5GB of Internet traffic for 30 days, for a small concesion :).
They give me a link to a 28 page pdf of “small letter text” with heavy lawyer talk where basically they explain in a language that 90% of the people will not understand (80% will not even read the document) that I renounce some of the rights GDPR will grant me. Funny they ask for the accord to store my full location data in the SMS !!!
This type of communication is full of EVIL social engineering tricks.
– give a prize, as meaningless as possible.
– give a link to a document in a SMS so making sure people without a smart-phone will not read that.
– the link is to a big 28 page document that 80% of the people will never read
– the document is a lawyer talk document. Even if you are a lawyer you may have difficulties following all the clauses.
Today I got a second SMS.
Salut! Trimite DA la 2713 pentru a-ti activa gratuit bonusul de 5GB de date mobile, valabil 30 de zile. Detalii suplimentare gasesti in mesajul pe care l-ai primit in data de 3 aprilie de la Vodafone.
The EVIL social engineering continues and goes to a higher level of EVIL:
– in this second message they only talk about the prize, completely “forgetting” to mention that is a trap, prize being linked to accepting a contract.
– they vaguely mention that more details I can find in the previous SMS. They intentionally omit now even the link to the 28 page contract I will accept if I answer to this SMS. Which is not only immoral but I think also illegal.
– the message is send just before Romanian Easter when usually mobile companies give bonuses so it is very easy for someone to think that this second message is an Easter bonus from the mobile company.
I think this is just the beginning of dirty GDPR damage control that will be employed by all this kind of companies, that have a side business from collecting and reselling customer data.
Sadly in Romania mobile companies and banks are champions in this field.
