Data Protection Day

When emails are not what they seem: A personal warning

Data Protection Day

Published: Wed 28 Jan 2026, 9:00 AM

Last updated: Wed 28 Jan 2026, 9:54 AM

Regan Kelly

On a wet, cold and windy January Tuesday, I awoke to the sound of my newborn son’s demands for breakfast, and like his dad, when he is hungry, he waits for no one.

Smiling back at me, milk-drunk and content, he went back to bed, and I began the process of getting ready for another day of work.

Coffee secured, computers on, monitor glowing; I was ready to get cracking, and as always, checking emails is the first port of call.

Routine aside, I always check my personal email, as sometimes work-related matters end up there, and on this Tuesday, it seemed as if that was just the case.

An email landed from the CEO of Celtic Media Group, or so I thought.

This did not raise any concerns for me, as we have often communicated via Gmail, so it seemed no different.

The correct name popped up, and it was a similar email by all accounts. Looking at our other emails to each other, the tone was almost identical.

Company logo, sign off and usual end of email communications. Whether it was the lack of sleep or naivety, I believed it, and this almost ended badly.

They spoke about my role as Digital Content Journalist and gave the impression that they were aware of the initiatives we were working on.

So, I was asked to purchase gift cards for each title belonging to Celtic Media Group, as a reward for a year of hard work, which, of course, was correct.

This wasn't out of the ordinary; our CEO has often provided gift cards to staff as a reward for hard work.

In total, the amount was over €1,000, which is what they initially asked for, but I'm sure it would have been more if I decided to follow through.

In the end, I responded, saying no problem, eager to please in my relatively new role.

I went off to the shop, picked up the gift cards and brought them to the checkout to purchase all of them.

Somehow, a voice in my head said, I should give our CEO a call once I buy them and deliver to him personally, just in case.

Before I had a chance to carry this out, the lady at the checkout counter informed me of a recent scenario where a young woman who had just started her job was scammed out of thousands through a false email from her manager. They could only sell two at a time because of this.

DING DING DING. I promptly called our CEO, who informed me that no; he did not send this email, and it clicked that I had almost been scammed.

Needless to say, five minutes of quiet reflection followed in the front seat of my Nissan Micra, and I swore never to be deceived like that again.

Later that day, I researched exactly what had happened to me earlier, and I found out that there is an entire dark industry dedicated to scamming people like this.

It is known as “Executive Phishing”, otherwise known as CEO fraud, which has become an increasing problem around the world in recent years.

Essentially, it is a form of sophisticated scamming where the perpetrators impersonate CEOs or other high-level members of staff.

Unlike other forms of scamming, going after higher-level employees, Executive Phishing targets employees. This allows them to use the authority of the manager or CEO.

This form of phishing is not always to steal money from victims; most of the time, it is to gather sensitive information about the company.

This Wednesday, January 28, is Data Protection Day, which is an internationally recognised day to raise awareness around data protection and best practices associated with this.

As we head further into the digital age, the risk of data breaches, scams, and phishing gets higher.

Education is key in battling this, and using skills acquired through this education will be helpful in keeping your private information secure online.

The EU is dedicated to helping tackle the growing risks that the digital age can bring for data safety.

Data Protection Day also aims to celebrate the signing of Convention 108, which was modernised in 2018 to help people keep their information safe.

This makes sure that individuals' sensitive data is protected, with clear parameters for processing someone’s data.

Across the world, there will be events aiming to provide businesses and individuals alike with vital information on the rights surrounding data, best security practices and the growing importance of keeping personal information safe in the digital age.

So, this year, don't be like me. Be vigilant, avail yourself of all the education available on data safety and awareness of scams. Always inform your friends and family of these measures, and if it seems off, it may well be.