Erik Nachbahr, CISSP President

43% of Small Businesses Have Been Phished: Is Your Dealership Next?

In the last 12 months, 43% of Small to Mid-Size Businesses (SMBs) experienced a successful phishing attack, according to a July 2016 report titled IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey. Was your dealership one of them? You may believe it won't ever happen to you, but chances are very good that one of your employees will become phish bait in the next year, and if that happens, your dealership could lose thousands of dollars.

Phishing attacks arrive as emails that appear to come from a legitimate entity or person, such as a bank or online payment processor. The message contains a link that takes the victim to a fraudulent website, where the user is prompted to provide login information. The cybercriminals then use that information to access the dealership's real accounts.

In one dealership I know of, an accounting employee received an email that he thought was from the bank. He clicked on the link and logged into a website that looked exactly like the bank's website. Shortly after, the phishers initiated a $450,000 wire transfer from the dealership's real bank. Fortunately the bank flagged the activity as suspicious and stopped the transfer from happening.

 

Spear phishing takes the scam one step further and targets specific individuals within organizations. In auto dealerships, this may be the controller or someone in the accounting office. The employee receives an email that appears to be from a dealer principal or general manager, with a request and instructions on how to wire money to an account.

 

This happened in another dealership I know of. An employee in the accounting department received an email from someone who he thought was the dealer asking him to initiate a $30,000 wire transfer. The employee exchanged several emails with the person posing as the dealer before complying with the request. The employee never suspected a thing. It was only discovered later that the email was a scam and unfortunately, there was no way to retrieve the funds.

 

Whaling is spear phishing taken to yet another level, targeting high-level executives within an organization. These attacks are very sophisticated. Phishers do quite a bit of research on their victims, using social media and other sources to gather details on personal history, interests and activities. They also collect names, job titles and email addresses of colleagues, and then use all of this to craft a personal and believable email.

Phishing emails may also appear to come from your email provider, social networks or delivery companies like FedEx. These emails contain links that bring you to fake login pages, which capture the email address and password you enter. Cybercriminals bank on the fact that many people use the same email and password for more than one account.

Even dealerships with state-of-the-art firewall and security software are vulnerable to phishing. It's difficult to prevent what appears to be a legitimate email from getting through the defenses.

Don't Get Hooked by Phishers!

To prevent your dealership's employees from becoming phish bait, education and training are key. Following these recommendations will help:

 

1) Require verbal verification for all wire transfer requests.

2) Never click on links in emails, or reply to emails that request personal information. Phishers often use terms like "urgent action required," "your account will be closed," or "your account has been compromised" to get people to react. If you receive an email like this, don't click on the link in the email. Instead, open up your web browser and manually navigate to what you know is the legitimate website. If you're concerned, call the company and ask to speak to a representative.

3) Change passwords. Don't use the same password for more than one online account. Change all your passwords every 90 days. Never share or give login information to anyone.

4) Keep your social media profiles private and don't accept friend or connection requests from people you don't know.
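
For whoever administers the dealership's mail, the warning signs described above (an executive's name on an outside address, a wire request, the pressure phrases in recommendation 2) can be checked automatically before a message reaches accounting. The Python below is an added example, not part of the original article; the domain, the executive names and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions (not from the article): the dealership's mail domain and the
# names of the people an attacker would impersonate. All values are made up.
OWN_DOMAIN = "example-dealer.test"
EXECUTIVES = {"pat morgan", "lee alvarez"}
# Pressure phrases quoted in recommendation 2.
URGENCY = ("urgent action required", "your account will be closed",
           "your account has been compromised")

# Constructed sample message, modeled on the wire request scenario above.
SPOOFED = """\
From: Pat Morgan <pat.morgan@freemail.example>
Reply-To: pat.morgan@payments.example
To: accounting@example-dealer.test
Subject: Urgent action required

Please wire $30,000 today. I am in meetings, so reply by email only.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return the reasons a message deserves a second look (empty if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}".lower()
    reasons = []
    if name.strip().lower() in EXECUTIVES and from_domain != OWN_DOMAIN:
        reasons.append("executive display name on an outside address")
    if reply_domain and reply_domain != from_domain:
        reasons.append("replies go to a different domain than the sender")
    if "wire" in text and from_domain != OWN_DOMAIN:
        reasons.append("wire request from outside: verify by phone")
    reasons += [f"pressure phrase: {p!r}" for p in URGENCY if p in text]
    return reasons

if __name__ == "__main__":
    for reason in triage(SPOOFED):
        print("-", reason)
```

A flagged message is a cue for the verbal verification in recommendation 1, not a verdict. A sender address can also be forged to show the dealership's own domain, which this check does not cover.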

 

The good news is that it just takes some basic awareness and caution to avoid getting hooked. Once you know what to look for, it's easy to stop phishers in their tracks.
