Phishing is the practice of sending targeted emails designed to lure employees into a number of actions, such as entering login credentials, credit card information or downloading documents infected with malware.


Phishing emails appear to come from familiar entities such as a bank, healthcare provider or delivery company. Sometimes they contain threatening messages such as "Urgent! Immediate response required."


Spear phishing is a more targeted form of phishing, where the senders have researched your dealership or you as an individual. Fake invoices that appear to come from a familiar supplier are a common phishing lure. When the attached document is downloaded, your network becomes infected with malware or a virus.


One common type of malware tracks the victims' keystrokes, giving cybercriminals access to login credentials and account numbers, which they can then use to hijack bank accounts and initiate wire transfers.


Whaling goes one step further. In dealerships, principals, GMs and accounting office employees are typically targeted in these sophisticated scams. Phishers may troll their targets for months, using social media and other sources to gather personal history and information, which is then used to craft emails that appear to come from a trusted source or colleague.


The scary thing about phishing is that because these emails are sent directly to employees in your dealership, they can bypass your security firewall and evade your anti-virus software. This leaves your employees as your last line of defense against phishing attacks.


If your employees don't know how to identify phishing emails, your dealership is vulnerable to an attack that could result in serious consequences. In simulated phishing attacks that we've conducted, three to seven percent of dealership employees have given up their credentials when prompted.


The prevalence of phishing attacks is rising. An April 2018 report by Osterman Research found that many companies have been compromised by phishing attacks.


  • 28% reported a phishing attack successfully infected systems with malware
  • 25% reported that sensitive/confidential info was leaked through email
  • 23% reported that user's account credentials were stolen
  • 17% reported a phishing email successfully tricked senior executives


Don’t Get Hooked


As devastating as phishing attacks can be, it’s relatively easy to prevent them if you know what to look for. If you're an employee working at a dealership, follow these five simple tips to keep your dealership's data, bank accounts and reputation secure.


Rule #1: Don’t click on links sent to you in emails


Any link in any email is inherently dangerous. If a customer, vendor, supplier—or anyone, for that matter—sends you a link do not click on it unless you were explicitly expecting it and it's from a known source.


If the link is to a website, do not use the link to navigate to that website. Open up your browser and manually navigate to the website by typing its name into the URL bar.


If you do use a link to navigate to a website, look at the URL bar. The URL will tell you if you're on a legitimate website or not. If you see a random URL with a bunch of strange characters in it, close your browser window and navigate to the website manually.


Another thing you might want to consider is switching from Chrome browser to Microsoft Edge. MS Edge is a new browser that was built for Windows 10 and was designed with significant security improvements, such as blocking websites that it detects are phishing sites.


Rule #2:  Check before downloading attachments


Every time you receive an invoice or other document from someone you know, double check the “reply to” email address before downloading the attachment. Phishers will set up email accounts that closely mimic familiar email addresses. So instead of the reply email might be


Rule #3: Don’t give away your credentials


The only time you should enter your email address, password, account information or credit card number online is if you navigate directly to a website and login.


NEVER email or message your information to someone. Never enter information on a website that you’ve linked to through an email. Also, never give your information out to someone that calls you. Some phishers will call their victims posting as a representative from Microsoft, a vendor or a bank. If someone asks for personal information over the phone, ask their name and politely tell them you'll call them back. Then call that company's phone number directly.


Rule #4: Require verbal verification for all wire transfers


You can email wiring instructions, but every wire transfer should require verbal verification over the phone before the money is sent. I know of several dealerships that have lost money this way and once the money is wired, there is no way to get it back. In every scenario we’ve seen, a conversation would have immediately thwarted the attack.


Rule #5: Enroll in security awareness training


Employee security awareness training programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are immediately enrolled into an online training program that uses videos, games and other training materials to educate the employee. Over the course of a year, continued security awareness training has been proven to reduce the risk of phishing attacks from 27 percent to two percent. 


Awareness if the first step to prevention. Share these tips with your employees to keep your dealership safe.


To learn more about phishing prevention, visit Booth #6453W at the NADA Convention & Expo. Schedule an appointment here


Views: 18


You need to be a member of to add comments!


Latest Activity

Dave Anderson's blog post was featured

Master the Art of Execution

The reason most organizations fail to achieve desired results is because they lack an effective…See More
Sally Whitesell posted a blog post
Cory Wright posted a blog post
Scot Eisenfelder posted a video

Maximizing Dollar per Unit in Operation

Scot Eisenfelder shares a factor that dealerships should be looking at in order to maximize revenue at their dealerships.
Mike theCarGuy Correra posted a video

Social Media vs Broadcast Media

Account Manager Mike Correra explains the difference between social and broadcast media in this video blog.
Jim Flint posted a blog post
Lehel Reeves posted videos
Jeff Cowan posted a blog post

Write Service Podcast: Episode 70- Q & A with Jeff Cowan- Service Advisors MUST LISTEN!

This week, Jeff does some Q & A from his viewers! After Jeff had been on the road for a few…See More
Dan Beres posted a blog post
John Sternal posted a blog post

Lease Credit Approvals Dip Slightly To 68.9% in August

Lease Approval Ratings Drop Slightly in August Following Increase in, the…See More
Crystal Hartwell posted a blog post

SureSale Certified Increases Used Vehicle Sales and Turn Rates for North Carolina Dealership

 New case study shows how Reed-Lallier Chevrolet leveraged this one-of-a-kind CPO program to…See More
Bill Wittenmyer posted a blog post

Stop being lead-centric. It’s about the customer experience.

Today’s customers expect and demand an amazing customer experience. The dealership with the right…See More
Reynalda Lor posted a discussion

Car Dealership Design Ideas?

Greetings!According to our marketing and HR teams, the sitting arrangements, interior and exterior…See More
Rob Gehring posted a blog post


Today’s…See More
Sep 17
Bill Wittenmyer posted a video

WittsWiseWords: Super Workers

Are you setting your employees up for success? In this #WittsWiseWords, automotive retail expert Bill Wittenmyer talks about why your super-start employee ma...
Sep 16
Michael Trasatti posted a video

New Thought Processes in Hiring

Mike Trasatti shares why companies should rethink their hiring processes in this video blog.
Sep 16
Samuel posted a blog post

Top Anti Phishing Softwares that are Affordable

As the security threat is increasing more, people look for a secure way to increase their data…See More
Sep 16
Courtney Evans posted a blog post
Sep 13
Anthony Giagnacovo posted a blog post
Sep 13
Mike theCarGuy Correra posted a video

Why Buy In is Important When Adopting New Technology

Account Manager Mike Correra shares why staff buy-in is vital to success when adopting new technology.
Sep 13

Get Newsletter

© 2019   Created by DealerELITE.   Powered by

Badges  |  Report an Issue  |  Terms of Service