On Friday, we received the following email, purporting to be asking about GDPR policies for our property The Internet Patrol:
From: tomhar...@yosemitemail.com: Subject: Questions About GDPR Data Access Process for theinternetpatrol.com To Whom It May Concern: My name is Tom Harris, and I am a resident of Sacramento, California. I have a few questions about your process for responding to General Data Protection Regulation (GDPR) data access requests: • Would you process a GDPR data access request from me even though I am not a resident of the European Union? • Do you process GDPR data access requests via email, a website, or telephone? If via a website, what is the URL I should go to? • What personal information do I have to submit for you to verify and process a GDPR data access request? • What information do you provide in response to a GDPR data access request? To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request. Thank you in advance for your answers to these questions. If there is a better contact for processing GDPR requests regarding theinternetpatrol.com, I kindly ask that you forward my request to them. I look forward to your reply without undue delay and at most within one month of this email, as required by Article 12 of GDPR. Sincerely, Tom Harris --- Now, when I saw it, my spidey sense tingled a bit (referring to the property as a URL, a US-based individual asking about GDPR with a US-based outlet, etc.). And the from domain seemed..interesting. (Created in March of 2020.) Nothing seemed *obviously* off, so we responded politely. The next day, we got *this* email: From: kurtmayf...@potomacmail.com Subject: Questions About CCPA Data Access Process for theinternetpatrol.com To Whom It May Concern: My name is Kurt Mayfair, and I am a resident of Norfolk, Virginia. I have a few questions about your process for responding to California Consumer Privacy Act (CCPA) data access requests: • Would you process a CCPA data access request from me even though I am not a resident of California? • Do you process CCPA data access requests via email, a website, or telephone? If via a website, what is the URL I should go to? • What personal information do I have to submit for you to verify and process a CCPA data access request? • What information do you provide in response to a CCPA data access request? To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request. Thank you in advance for your answers to these questions. If there is a better contact for processing CCPA requests regarding theinternetpatrol.com, I kindly ask that you forward my request to them. I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code. Sincerely, Kurt Mayfair --- potomocmail.com having identical creation/registration details as yosemitemail.com Both being sent out through Amazon SES, so nothing much useful in the headers that I could see. NO links, no anything other than what's in the above email. We're trying to figure out just what exactly the scam is...anybody have any thoughts? Anybody else seeing this? Anne -- Anne P. Mitchell, Attorney at Law Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Board of Directors, Denver Internet Exchange Chair Emeritus, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop