Hi there ... I'm looking for your thoughts & wisdom on this.
In the last two weeks, I've seen a bunch of emails with the same Subject and Body Text .. only the email addresses change.
The Subject is always "Data Removal Request"
The Body Text is always
"I hereby withdraw my consent for you to collect, process or store any personal data related to name@emailprovider.com
I request that you delete any and all data related to, and belonging to name@emailprovider.com that your company stores, pursuant to my rights under Article 17 GDPR.
Thank you!"
These requests have covered emails from a variety of free email providers, gmail.com, gmail.fr, hotmail.com ... which makes me think there is a system or service out there generating these emails on behalf of individuals ... possibly for a nominal fee 🙂
Of the 20 or so emails we've seen, only a handful of the emails are actually customers / users of our service ... which makes me think the system or service sending these emails is generating mailshots and firing them out to a range of service providers like my company
Anyone else seen this?
I'm going to work through the email headers to see if there are any clues ... but I thought it was worth posting here in case anyone else is in the same position as me 🙂
Going through the email headers ... I see some of them reference "gmailapi.google.com" ... which supports the idea of an app or service.
The ones that don't mention the gmailapi, do have a mapi id
Hmmmm
Del,
Have you figured out the origin from the headers? Care to post the envelope info so we can look?
@Del wrote: Going through the email headers ... I see some of them reference "gmailapi.google.com" ... which supports the idea of an app or service.
The ones that don't mention the gmailapi, do have a mapi id
Hmmmm
EB
Del,
It appears as though your organization is within its rights to charge a fee before complying with/responding to unfounded requests.
This can be found in the "Can we refuse to comply with a request for other reasons" section of the ICO guidelines on erasure found here:
EB
Seems to be more than one origin ... one for gmail.com and gmail.fr users, and another for outlook.fr and hotmail.com
The first "Received" header for the outlook users:
Received: from AM4PR10MB0241.EURPRD10.PROD.OUTLOOK.COM
    ([fe80::2d19:ac0c:2541:ba71]) by AM4PR10MB0241.EURPRD10.PROD.OUTLOOK.COM
    ([fe80::2d19:ac0c:2541:ba71%6]) with mapi id 15.20.0820.012; Fri, 1 Jun 2018
    19:09:27 +0000
Searching for that mapi id (15.20.0820.012) returns some hits relating to possible email scams / malware
https://www.signal-arnaques.com/en/scam/view/115100
https://scamsurvivors.com/forum/viewtopic.php?f=6&t=67875&mobile=on
https://anti-scam.de/cgi-bin/yabb2/YaBB.pl?num=1525015818 (you need to click on the spoiler to see the mapi id)
The first "Received" header for the gmail users:
Received: from 426803448907 named unknown by gmailapi.google.com with
    HTTPREST; Sat, 2 Jun 2018 14:18:09 -0400
MIME-Version: 1.0
For completeness ... this is what the email body text looks like, for both gmail & outlook users
I hereby withdraw my consent for you to collect, process or store any personal data related to <email address here>
I request that you delete any and all data related to, and belonging to <email address here> that your company stores, pursuant to my rights under Article 17 GDPR.
Thank you!
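The header and body checks from the post above, as an added example that is not part of the original thread: it reads the earliest Received hop of each message, labels the submission path (Gmail API or MAPI), and tests the body against the quoted template. The function name, the sample addresses, the extra relay hop and the customer list are assumptions made up for the illustration.

```python
import email
import re
from email import policy

# Body template quoted in the thread; only the address varies between messages.
TEMPLATE = re.compile(
    r"I hereby withdraw my consent for you to collect, process or store any "
    r"personal data related to (?P<addr>\S+@\S+) I request that you delete "
    r"any and all data related to, and belonging to (?P=addr) that your "
    r"company stores, pursuant to my rights under Article 17 GDPR\. Thank you!"
)

def triage(raw, customers):
    """Classify one raw message by its earliest hop and the template body."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = msg.get_all("Received") or []
    # Each relay prepends its header, so the earliest hop is the last one listed.
    hop = " ".join(str(hops[-1]).split()) if hops else ""
    mapi = re.search(r"with mapi id ([\d.]+)", hop)
    if "by gmailapi.google.com with HTTPREST" in hop:
        origin = "gmail-api"
    elif mapi:
        origin = "mapi " + mapi.group(1)
    else:
        origin = "other"
    part = msg.get_body(preferencelist=("plain",))
    body = " ".join(part.get_content().split()) if part else ""
    hit = TEMPLATE.search(body)
    addr = hit.group("addr").lower() if hit else None
    return {"origin": origin, "template": bool(hit), "address": addr,
            "customer": addr in customers}

# Constructed samples: the earliest Received lines are the two quoted in the
# thread; every address, the relay hop and the customer list are made up.
BODY = ("I hereby withdraw my consent for you to collect, process or store any\n"
        "personal data related to {a}\n"
        "I request that you delete any and all data related to, and belonging\n"
        "to {a} that your company stores, pursuant to my rights under Article 17 GDPR.\n\n"
        "Thank you!\n")
GMAIL = ("Received: by mx.example.net; Sat, 2 Jun 2018 18:18:11 +0000\n"
         "Received: from 426803448907 named unknown by gmailapi.google.com with\n"
         " HTTPREST; Sat, 2 Jun 2018 14:18:09 -0400\n"
         "Subject: Data Removal Request\n\n" + BODY.format(a="jane.doe@example.com"))
OUTLOOK = ("Received: from AM4PR10MB0241.EURPRD10.PROD.OUTLOOK.COM\n"
           " ([fe80::2d19:ac0c:2541:ba71]) by AM4PR10MB0241.EURPRD10.PROD.OUTLOOK.COM\n"
           " ([fe80::2d19:ac0c:2541:ba71%6]) with mapi id 15.20.0820.012; Fri, 1 Jun 2018\n"
           " 19:09:27 +0000\n"
           "Subject: Data Removal Request\n\n" + BODY.format(a="j.dupont@example.org"))
```

Running `triage` over an exported mailbox and grouping by `origin` and `customer` gives a quick count of how many template requests name an address you actually hold data for.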
That's really good information about the fee that a company can charge. I wonder if any government organization might capitalize on that option in order to mitigate a litany of requests...
LR
@Baechle wrote: Del,
It appears as though your organization is within its rights to charge a fee before complying with/responding to unfounded requests.
This can be found in the "Can we refuse to comply with a request for other reasons" section of the ICO guidelines on erasure found here:
EB
One such request each day since June 1, with seemingly random gmail addresses.
Cool ... are they following a pattern? Similar / Same body text?
Can you post a sample?
Del
@someone wrote: One such request each day since June 1, with seemingly random gmail addresses.
Same plain text, all gmail addresses, no attachments, spf/dkim/dmarc ok (comes from google), addresses kind of resemble names, but not exactly, there are some errors/misspellings.
I hereby withdraw my consent for you to collect, process or store any
personal data related to xxxxx@gmail.com
I request that you delete any and all data related to, and belonging
to xxxxx@gmail.com that your company stores, pursuant to my rights under Article 17 GDPR.
Thank you!