Travel firms warned to be on guard over cookie warning extortion scam

PROFiT says companies are being targeted with fake letters about breaches of GDPR rules

Companies are being told to be on their guard for the return of a scam in which firms receive threatening letters about the use of cookies on their websites.

The Prevention of Fraud in Travel group (Profit) last warned about a similar fraud to extort money from travel companies in September 2021. Within five months of the alert, more than 180 companies from a range of industries came forward to say they were victims of the scam.

A year on, reports of a similar fraud have resurfaced.

Chairman Barry Gooch said several companies had reported receiving letters in the last week warning their usage of cookies was in breach of UK GDPR and The Privacy and Electronic Communications Regulations’ requirements.

The letters demand money to prevent the sender reporting the alleged breach to the Information Commissioner’s Office.

“The idea seems to be to frighten the recipient into paying,” said Gooch.

Although the scam is not specific to travel firms, Gooch urged firms in the sector to be wary and to check their companies met current cookie legislation.

He said: “Profit advocates that every organisation must fully comply with the rules on cookies which is a legal requirement.  Checking your compliance now will give your organisation and membership peace of mind if approached.”

Travel companies should look out for legal letters that ‘run into several pages’, said Gooch.

In the letter, the fraudster claims that on visiting the company’s website consent for cookies was not given but that several were placed on their computer system. The letter says they have gone back to the company’s website and videoed their actions as proof, and demands a large sum of money.

Any company that receives a threatening letter should seek legal advice as well as alerting Profit about the potential scam.