Spam
Trending

Questions About GDPR Data Access Process for [yourdomain.com] Mary Clark maryclark@potomacmail.com

potomacmail.com: Spam, Scam or Shakedown?

Did you receive an email from “potomacmail.com“? Although we primarily focus on advance fee fraud emails (419 scams) here at 419.email we do have an interest in other scams, spams and schemes on the internet.

Today, we received an email which we believe has substantial public interest and should be published in full.

The email claimed to be from someone called “Mary Clark” and sent from from the domain “potomacmail.com”.
It appears that “Mary” really needs some GDPR CDPO Certification Training in Roanoke Virginia United States as she appears to be very confused about what GDPR actually covers. Then again, why you would need GDPR training in Virginia is beyond me unless someone convinced you that you needed it!
Let me first quote you the email and then I can give you my opinion on it.

To Whom It May Concern: My name is Mary Clark, and I am a resident of Roanoke, Virginia. I have a few questions about your process for responding to General Data Protection Regulation (GDPR) data access requests: Would you process a GDPR data access request from me even though I am not a resident of the European Union? Do you process GDPR data access requests via email, a website, or telephone? If via a website, what is the URL I should go to? What personal information do I have to submit for you to verify and process a GDPR data access request? What information do you provide in response to a GDPR data access request? To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request. Thank you in advance for your answers to these questions. If there is a better contact for processing GDPR requests regarding petscams.com, I kindly ask that you forward my request to them. I look forward to your reply without undue delay and at most within one month of this email, as required by Article 12 of GDPR. Sincerely, Mary Clark

My first thought is that it is a scam, especially considering the domain that I received this on. Quick search of the email brings me to (the great) Joe Wein’s website:
https://joewein.net/blog/2021/04/21/questions-about-gdpr-data-access-process-spam-from-virginia/

For those that know him, Joe is a gentleman, for those that dont Joe Wein is a scammers bane.
Joe has several honeypots and I will assume that this email also landed in one of his honeypots.

What is this emailing saying?

Let me give you my assumed translation:

Dear Sir or Madam:
My name is Probably Madeup, and I claim to be a resident of Roanoke, Virginia. I have a few questions about your process for responding to (GDPR) data access requests even though GDPR is in no way applicable to a resident of Roanoke , Virginia.

  • Would you process a GDPR data access request from me even though I am not a resident of the European Union? (Admin – Why?)
  • Do you process GDPR data access requests via email, a website, or telephone? If via a website, what is the URL I should go to?
    (Admin – Nothing to do with someone from Virgina, are you testing my knowledge?)
  • What personal information do I have to submit for you to verify and process a GDPR data access request?
    (Admin – This is GDPR 101. Are you really trying to test me or did you fail your EU GDPR DPO Training?)
  • What information do you provide in response to a GDPR data access request?
    (Admin – on the VERY rare occasion that I may need to I could just check HERE. I dont need to be a GDPR Certified Data Protection Officer to do that and, again, it has nothing to do with you Probably not Mary)

To be clear, I am not submitting a data access request at this time. My aim is to make you feel ignorant and then threaten to submit a request.
Thank you in advance for your answers to these questions. If there is a better contact for processing GDPR requests regarding petscams.com, I kindly ask that you panic them as they are probably the ones that can get authorisation for a EU GDPR Data Protection Officer Course in United States.
I look forward to your reply without undue delay and at most within one month of this email, as required by Article 12 of GDPR for European Citizens and Mary fromRoanoke.
Sincerely,
Mary Clark

Conclusion: Who is behind potomacmail.com?

Potomacmail.com is about a year old and is only used for mail. There are multiple online records of a carbon copy template of this email being sent out to multiple domain owners. I would not be bold enough to say who I believe is behind it as they may claim to be psudo-legitimate.
So Mary Clark/Mary Shelling/Kurt Mayfair go peddle your wares somewhere else.

Have you been contacted with a similar email? Add the details in the comments below.

I have no interest in supporting a company who spams out emails with the intention of frightening people into paying for their GDPR training course. I have no idea why someone in Roanoke has an interest in GDPR as from a simple google search there seems to be very little interest?

But what I do have are a very particular set of skills….

Show More

Leave a Reply

Your email address will not be published.

Back to top button