Do you believe your dealership is safe from phishing attacks? Here are two actual incidents that occurred at dealerships as a result of successful phishing attacks.


One day a salesperson at a Ford dealership received an email. The subject line read: RE: 2015 Ford Focus. The email appeared to be from a customer who was replying to an email that was originally sent from the dealership.


The email read something like this: “Please consider these changes and let me know what you think. If you are agreeable to my suggestions, I am willing to continue with this purchase.”


The email included a link to Dropbox.


Thinking this was a hot lead, the salesperson clicked on the link and was taken to a website that looked like Dropbox. The site prompted him to sign in using his email provider. The salesperson selected Outlook and entered his email address and password. He was unable to sign in, so he emailed the “customer” back to let him know.


As soon as the salesperson emailed the “customer,” the phishers were notified that they had “hooked” someone. Phish on! They immediately retrieved the salesperson’s email credentials and logged into the dealership’s Microsoft hosted exchange server.


In an incredibly unfortunate coincidence, the salesperson was in the process of doing a dealership exchange with a very expensive car from another dealership. Within the last two hours, the dealer that owned the vehicle had emailed wire instructions to the salesperson, which the salesperson had forwarded to the controller.


The phishers immediately hijacked the salesperson's email account and created another email to the controller pretending to be the salesperson. In the email, the salesperson said the bank information he had previously sent was wrong, and asked the controller to please send the wire transfer to a different account number.


The controller obliged and proceeded to wire $251,000 to the new bank account. The money immediately disappeared. The entire incident took under two hours.


If you fall victim to wire fraud due to a phishing attack, that money is gone forever.


In another dealership, a successful phishing attack was launched from Facebook. One day the F&I Manager was browsing Facebook and clicked on a post that downloaded a file onto his computer.


What he didn't realize was that the file installed Keylogger, a type of malware that tracks keystrokes, onto his computer.


Later that day the F&I Manager logged into the dealership's credit bureau, allowing the cyber criminals monitoring him to capture his login credentials. Later that night the criminals pulled credit reports on over 200 customers. Fortunately, the credit bureau identified the suspicious activity and stopped the credit pulls.


The aftermath was painful. An FBI investigation ensued and the dealership was forced to hire security experts to conduct a security audit. In the end the dealership paid out over $150,000 in remediation. That's one expensive Facebook session!


Could This Happen to You?


We all like to think these types of incidents could never happen to us; but the fact is they can and do happen to dealerships all the time.


Phishing attacks are responsible for 91 percent of all security breaches. Phishing is the act of sending emails to individuals with the goal of getting those individuals to either click on a link that takes them to a malicious website, or to download an attachment.


The attacks are designed to steal login credentials so the cyber criminals can gain access to your network, or to install various types of malware, including Ransomware, onto computers or servers.


Remember the old email scams that promised untold riches from Nigerian princes, if only you sent them your name, social security number and bank account number? Today's phishing scams are much more sophisticated. 


These emails often go undetected by firewalls and anti-virus software because the 'reply to' addresses are very similar to the actual email addresses used by employees in your organization or by other companies you do business with.


For example, let's say your email address is Cyber criminals will register the domain address, then create and send emails from the address At first glance the two addresses look the same, and most employees don't pay close attention to the 'reply to' address.


The most effective way to stop these attacks is to enroll your employees in a security awareness training program. These programs teach employees about the various phishing scams used and how to spot suspicious emails. Security awareness training is inexpensive and proven to reduce the risk of successful phishing attacks from 27 percent to just two percent.


In today's growing cyber economy, it's not a matter of if, but when your dealership will experience a phishing attack. Auto dealers are prime targets for phishers, so take the necessary preventive steps today.

Views: 11


You need to be a member of to add comments!


Latest Activity

Sally Whitesell's blog post was featured
2 hours ago
Dave Anderson's blog post was featured

Master the Art of Execution

The reason most organizations fail to achieve desired results is because they lack an effective…See More
Sally Whitesell posted a blog post
Cory Wright posted a blog post
Scot Eisenfelder posted a video

Maximizing Dollar per Unit in Operation

Scot Eisenfelder shares a factor that dealerships should be looking at in order to maximize revenue at their dealerships.
Mike theCarGuy Correra posted a video

Social Media vs Broadcast Media

Account Manager Mike Correra explains the difference between social and broadcast media in this video blog.
Jim Flint posted a blog post
Lehel Reeves posted videos
Jeff Cowan posted a blog post

Write Service Podcast: Episode 70- Q & A with Jeff Cowan- Service Advisors MUST LISTEN!

This week, Jeff does some Q & A from his viewers! After Jeff had been on the road for a few…See More
Dan Beres posted a blog post
John Sternal posted a blog post

Lease Credit Approvals Dip Slightly To 68.9% in August

Lease Approval Ratings Drop Slightly in August Following Increase in, the…See More
Crystal Hartwell posted a blog post

SureSale Certified Increases Used Vehicle Sales and Turn Rates for North Carolina Dealership

 New case study shows how Reed-Lallier Chevrolet leveraged this one-of-a-kind CPO program to…See More
Bill Wittenmyer posted a blog post

Stop being lead-centric. It’s about the customer experience.

Today’s customers expect and demand an amazing customer experience. The dealership with the right…See More
Reynalda Lor posted a discussion

Car Dealership Design Ideas?

Greetings!According to our marketing and HR teams, the sitting arrangements, interior and exterior…See More
Rob Gehring posted a blog post


Today’s…See More
Sep 17
Bill Wittenmyer posted a video

WittsWiseWords: Super Workers

Are you setting your employees up for success? In this #WittsWiseWords, automotive retail expert Bill Wittenmyer talks about why your super-start employee ma...
Sep 16
Michael Trasatti posted a video

New Thought Processes in Hiring

Mike Trasatti shares why companies should rethink their hiring processes in this video blog.
Sep 16
Samuel posted a blog post

Top Anti Phishing Softwares that are Affordable

As the security threat is increasing more, people look for a secure way to increase their data…See More
Sep 16
Courtney Evans posted a blog post
Sep 13
Anthony Giagnacovo posted a blog post
Sep 13

Get Newsletter

© 2019   Created by DealerELITE.   Powered by

Badges  |  Report an Issue  |  Terms of Service