Do you believe your dealership is safe from phishing attacks? Here are two actual incidents that occurred at dealerships as a result of successful phishing attacks.
One day a salesperson at a Ford dealership received an email. The subject line read: RE: 2015 Ford Focus. The email appeared to be from a customer who was replying to an email that was originally sent from the dealership.
The email read something like this: “Please consider these changes and let me know what you think. If you are agreeable to my suggestions, I am willing to continue with this purchase.”
The email included a link to Dropbox.
Thinking this was a hot lead, the salesperson clicked on the link and was taken to a website that looked like Dropbox. The site prompted him to sign in using his email provider. The salesperson selected Outlook and entered his email address and password. He was unable to sign in, so he emailed the “customer” back to let him know.
As soon as the salesperson emailed the “customer,” the phishers knew they had “hooked” someone. Phish on! The fake Dropbox page had already captured his email address and password the moment he typed them in, and the phishers used them to log into the salesperson’s mailbox on the dealership’s Microsoft-hosted Exchange server.
In an incredibly unfortunate coincidence, the salesperson was in the process of doing a dealership exchange with a very expensive car from another dealership. Within the last two hours, the dealer that owned the vehicle had emailed wire instructions to the salesperson, which the salesperson had forwarded to the controller.
The phishers immediately hijacked the salesperson’s email account and sent another email to the controller, posing as the salesperson. In it, the “salesperson” said the bank information he had previously sent was wrong, and asked the controller to please send the wire transfer to a different account number.
The controller obliged and proceeded to wire $251,000 to the new bank account. The money immediately disappeared. The entire incident took under two hours.
If you fall victim to wire fraud due to a phishing attack, that money is almost never recovered; a recall is only possible if the bank is alerted within hours, before the funds are moved on. Any request to change wire instructions should be confirmed by phone, using a number you already have on file, never one supplied in the email itself.
In another dealership, a successful phishing attack was launched from Facebook. One day the F&I Manager was browsing Facebook and clicked on a post that downloaded a file onto his computer.
What he didn’t realize was that the file installed a keylogger, a type of malware that records every keystroke, onto his computer.
Later that day the F&I Manager logged into the dealership’s credit bureau account, allowing the cyber criminals monitoring the keylogger to capture his login credentials. Later that night the criminals pulled credit reports on over 200 customers. Fortunately, the credit bureau identified the suspicious activity and stopped the credit pulls.
The aftermath was painful. An FBI investigation ensued and the dealership was forced to hire security experts to conduct a security audit. In the end the dealership paid out over $150,000 in remediation. That’s one expensive Facebook session!
Could This Happen to You?
We all like to think these types of incidents could never happen to us; but the fact is they can and do happen to dealerships all the time.
Industry estimates commonly cite phishing as the starting point of around 91 percent of all security breaches. Phishing is the act of sending emails to individuals with the goal of getting them to click on a link that takes them to a malicious website, to download an attachment, or to hand over their login credentials.
The attacks are designed to steal login credentials so the cyber criminals can gain access to your network, or to install various types of malware, including ransomware, onto computers or servers.
Remember the old email scams that promised untold riches from Nigerian princes, if only you sent them your name, social security number and bank account number? Today’s phishing scams are much more sophisticated.
These emails often go undetected by firewalls and anti-virus software because they carry no malware and come from a real, newly registered domain the attacker controls, so the usual sender checks pass. The ‘from’ and ‘reply to’ addresses are simply very similar to the actual email addresses used by employees in your organization or by other companies you do business with.
For example, let’s say your email address is JDoe@johndoedealership.com. Cyber criminals will register the look-alike domain johndoedealershiip.com (note the doubled “i”), then create and send emails from the address JDoe@johndoedealershiip.com. At first glance the two addresses look the same, and most employees don’t pay close attention to the ‘from’ or ‘reply to’ address.
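The look-alike check described above can be automated. The following is an added example, not code from the original article: it parses a message’s From and Reply-To headers and flags any sender domain that is within a couple of edits of a domain you trust, as well as a Reply-To that points somewhere other than the From domain. The trusted-domain list and the sample message are constructed for illustration; the dealership domain is the one used in the text.

```python
"""Flag look-alike sender domains in an email's From / Reply-To headers.

Added example, not from the original article. TRUSTED_DOMAINS and SAMPLE
are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Domains the dealership legitimately corresponds with (constructed list).
TRUSTED_DOMAINS = {"johndoedealership.com", "ford.com", "dropbox.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Extract the lowercase domain from a header like 'Jane <jdoe@x.com>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return the trusted domain this one imitates, or None.

    An exact match is legitimate mail. A near miss within max_distance edits
    (johndoedealershiip.com vs johndoedealership.com) is a look-alike.
    """
    if not domain or domain in trusted:
        return None
    for t in trusted:
        if levenshtein(domain, t) <= max_distance:
            return t
    return None


def check_message(raw: str) -> list:
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        target = lookalike_of(dom)
        if target:
            findings.append(f"{label} domain {dom} imitates trusted domain {target}")
    # A Reply-To that points elsewhere is a classic sign of a hijacked thread.
    if reply_dom and from_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings


# Constructed sample: the look-alike domain from the text, aimed at the controller.
SAMPLE = """From: JDoe <JDoe@johndoedealershiip.com>
Reply-To: JDoe <JDoe@johndoedealershiip.com>
To: controller@johndoedealership.com
Subject: Updated wire instructions

The bank information I sent earlier was wrong, please use the new account below.
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

Edit distance catches doubled or dropped letters and simple substitutions, which covers most registered look-alikes, but it does not catch every homoglyph trick (for example “rn” standing in for “m” counts as two edits). Keep the trusted list to domains you actually exchange money or credentials with; very short trusted domains will produce false positives at a distance of two, so tune `max_distance` per domain if needed.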
The most effective way to stop these attacks is to enroll your employees in a security awareness training program, backed by multi-factor authentication on email and a strict rule that changes to payment instructions are verified by phone. These programs teach employees about the various phishing scams in use and how to spot suspicious emails. Security awareness training is inexpensive, and vendors report that it cuts the share of employees who click on simulated phishing emails from roughly 27 percent to around two percent.
In today’s growing cyber economy, it’s not a matter of if, but when your dealership will experience a phishing attack. Auto dealers are prime targets for phishers, so take the necessary preventive steps today.