As if COVID-19 and the shutting down of our economy aren’t enough to worry about, dealership owners need to be aware that cybercriminals are using this crisis to fuel an enormous rise in cyberattacks.
Preying on fears is a specialty of cyberthieves, who are now sending phishing emails with subject lines related to COVID-19. Some of these fake emails appear to be from health organizations such as the CDC offering information and health advice.
Other phishing emails appear to be from charities, asking for donations to help fight COVID-19. Also look out for emails that appear to be coming from the government, asking you to verify personal information in order to claim your stimulus check.
Some emails contain malicious attachments that, if downloaded, could infect your network with a virus or malware such as ransomware. Other emails contain links to fraudulent websites that try to trick users into entering their personal information. Most of these emails link to fake landing pages that imitate services like Gmail or Office 365 and ask people to enter their username and password.
Be especially wary of social media postings that contain links, which might lead to fraudulent fundraising or charity websites. Some scammers are using texts and phone calls to appeal for donations as well.
Even if your dealership has a secure firewall and anti-virus software, a number of phishing emails will inevitably get through to your employees. If they don't know how to identify these emails, your dealership is vulnerable to an attack that could result in serious consequences. In simulated phishing attacks that Helion has conducted, three to seven percent of dealership employees routinely give up their credentials when prompted.
If you haven’t been proactive about cybersecurity in your dealership, now is a great time. Start by educating your employees about the increased threats, and train them how to spot phishing emails.
—Avoid clicking on links in unsolicited emails and be wary of email attachments.
—Use trusted sources, such as legitimate government websites, for up-to-date, fact-based information about COVID-19.
—Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
—Verify a charity’s authenticity before making donations, and go directly to the charity’s website to make the donation.
—If your employees are working from home and accessing your network through a virtual private network (VPN), ask them to stay vigilant for malicious emails with subject lines related to remote access or other technical problems. The goal of these emails is to fool workers into entering their login credentials.
—Enroll employees in a security awareness training program. These programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are enrolled in an online training program that uses videos, games and other training materials to educate the employee. Security awareness training is very inexpensive and, over the course of a year, is proven to reduce the risk of phishing attacks from 27 percent to two percent.
You probably have enough to worry about without the added worry of a cyberattack that might result in a ransomware incident or successful data breach. But cyberthieves, like politicians, never let a good crisis go to waste. Now is the ideal time to shore up your dealership’s cybersecurity defenses and train employees how to avoid getting hooked by phishing emails.