Car dealerships have long been a target of hackers and cybercriminals due to their access to banks and sensitive consumer information. But according to WardsAuto, a dealership's biggest cybersecurity threat could be its own employees.

More and more hack attacks on auto dealers are coming in the form of sophisticated email scams designed to trick employees. These cybersecurity attacks generally involve getting an employee to unwittingly perform actions that compromise the business network and/or sensitive information.

It's Happening…

WardsAuto is aware of "dozens" of dealerships across the country that have fallen victim to hackers using these sophisticated email schemes. They say that hackers have successfully managed to access bank account numbers, routing numbers, login credentials, consumer bank account/routing/credit card/social security numbers, consumer addresses, and consumer credit scores.
Cybersecurity Attacks

And these are just the incidents that Wards is aware of. For all we know, that figure could be much, much higher. Here are a few examples of actual incidents happening to dealerships:

  • A Request for a Wire Transfer
    One controller received an email from who he thought was the dealer he frequently did business with. The "dealer" requested a $30,000 wire transfer, and the controller okayed the request after a few more emails back-and-forth. The bank involved was not able to retrieve the $30,000.
  • Watch Where You Enter Sensitive Information
    One dealership accountant was directed to what he thought was Bank of America's website via email. He was prompted to enter login info, bank account numbers, and more. This eventually enabled the hackers that set it up to initiate a $400,000 wire transfer, but thankfully, the real Bank of America stopped it from going through.
  • One Click Could Spell Trouble
    An F&I manager innocently clicked an email attachment and unwittingly downloaded a virus on their computer. The virus allowed hackers to track every website visited and every keystroke made. They were eventually able to gather enough information to access credit bureau sites and extract the credit reports of hundreds of customers.

… And Your Store Could Be Next

These types of attacks can easily get by security software and firewalls because they originate from emails sent to employees. They are attacks specifically planned to infiltrate a business's network and information. And don't think that it couldn't happen to your store, no matter what size it is.

According to the security company Symantec, half of all email phishing attacks target small businesses - those defined as having 250 employees or less. Hackers know that small and mid-sized business usually have fewer data-protection measures in place and limited resources allocated to cybersecurity.

To prevent these types of attacks from happening to your dealership, WardsAuto has these recommendations:

  • Set Basic Security Policies
    Experts say that most dealership networks lack even the most basic of security protections. With all of the personal and financial information at stake, that has to change. Dealers should set strict security policies and train employees to adhere to them. Good examples include a policy that requires verbal verification for all wire transfers, and not allowing employees to take home business electronic devices that contain sensitive information.
  • Get Insurance
    There is such a thing as cyber-liability insurance, and a good policy will cover your store if customer records are compromised. If customer records are accessed, costs can run to $1 million or more per incident, yet the "majority" of dealerships do not have cyber-liability insurance.
  • Encrypt PCs and Keep Everything Updated
    Encryption is a great way to protect sensitive data on your store's computers and network. As for security software, Wards says that over 90% of dealerships "do not have a system in place to keep their [software] patches updated on a regular basis." Also, all passwords should be strong and changed regularly. The usernames and passwords of all former employees should be wiped from all systems as well.

The damage a cybersecurity attack can cause is too catastrophic to not be taken seriously. If the slew of recent email scams isn't enough to get your store talking about this, what is?

A Resource You Can Trust

In this day and age, it doesn't make sense to not have comprehensive policies in place. Likewise, if your dealership has a special finance department, it doesn't make sense to not be working with Auto Credit Express.

We are an unmatched subprime lead provider that offers training, software, and other services that can help your store maximize its revenue potential. To learn more, get in touch with one of our Special Finance Experts by giving us a call at 888-535-2277 or by filling out our online contact form.