Professional Community for Car Dealers, Marketing, Advertising and Sales Leaders
Phishing is the practice of sending targeted emails designed to lure employees into a number of actions, such as entering login credentials, credit card information or downloading documents infected with malware.
Phishing emails appear to come from familiar entities such as a bank, healthcare provider or delivery company. Sometimes they contain threatening messages such as "Urgent! Immediate response required."
Spear phishing is a more targeted form of phishing, where the senders have researched your dealership or you as an individual. Fake invoices that appear to come from a familiar supplier are a common phishing lure. When the attached document is downloaded, your network becomes infected with malware or a virus.
One common type of malware tracks the victims' keystrokes, giving cybercriminals access to login credentials and account numbers, which they can then use to hijack bank accounts and initiate wire transfers.
Whaling goes one step further. In dealerships, principals, GMs and accounting office employees are typically targeted in these sophisticated scams. Phishers may troll their targets for months, using social media and other sources to gather personal history and information, which is then used to craft emails that appear to come from a trusted source or colleague.
The scary thing about phishing is that because these emails are sent directly to employees in your dealership, they can bypass your security firewall and evade your anti-virus software. This leaves your employees as your last line of defense against phishing attacks.
If your employees don't know how to identify phishing emails, your dealership is vulnerable to an attack that could result in serious consequences. In simulated phishing attacks that we've conducted, three to seven percent of dealership employees have given up their credentials when prompted.
The prevalence of phishing attacks is rising. An April 2018 report by Osterman Research found that many companies have been compromised by phishing attacks.
Don’t Get Hooked
As devastating as phishing attacks can be, it’s relatively easy to prevent them if you know what to look for. If you're an employee working at a dealership, follow these five simple tips to keep your dealership's data, bank accounts and reputation secure.
Rule #1: Don’t click on links sent to you in emails
Any link in any email is inherently dangerous. If a customer, vendor, supplier—or anyone, for that matter—sends you a link do not click on it unless you were explicitly expecting it and it's from a known source.
If the link is to a website, do not use the link to navigate to that website. Open up your browser and manually navigate to the website by typing its name into the URL bar.
If you do use a link to navigate to a website, look at the URL bar. The URL will tell you if you're on a legitimate website or not. If you see a random URL with a bunch of strange characters in it, close your browser window and navigate to the website manually.
Another thing you might want to consider is switching from Chrome browser to Microsoft Edge. MS Edge is a new browser that was built for Windows 10 and was designed with significant security improvements, such as blocking websites that it detects are phishing sites.
Rule #2: Check before downloading attachments
Every time you receive an invoice or other document from someone you know, double check the “reply to” email address before downloading the attachment. Phishers will set up email accounts that closely mimic familiar email addresses. So instead of John@xyzsupplier.com the reply email might be John@xxzsupplier.com.
Rule #3: Don’t give away your credentials
The only time you should enter your email address, password, account information or credit card number online is if you navigate directly to a website and login.
NEVER email or message your information to someone. Never enter information on a website that you’ve linked to through an email. Also, never give your information out to someone that calls you. Some phishers will call their victims posting as a representative from Microsoft, a vendor or a bank. If someone asks for personal information over the phone, ask their name and politely tell them you'll call them back. Then call that company's phone number directly.
Rule #4: Require verbal verification for all wire transfers
You can email wiring instructions, but every wire transfer should require verbal verification over the phone before the money is sent. I know of several dealerships that have lost money this way and once the money is wired, there is no way to get it back. In every scenario we’ve seen, a conversation would have immediately thwarted the attack.
Rule #5: Enroll in security awareness training
Employee security awareness training programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are immediately enrolled into an online training program that uses videos, games and other training materials to educate the employee. Over the course of a year, continued security awareness training has been proven to reduce the risk of phishing attacks from 27 percent to two percent.
Awareness if the first step to prevention. Share these tips with your employees to keep your dealership safe.
To learn more about phishing prevention, visit Booth #6453W at the NADA Convention & Expo. Schedule an appointment here http://bit.ly/NADA6453W
Welcome to
Automotive Digital Marketing
Please use the "Sign Up" link above to complete your registration form and become a member of the industry's leading Automotive Marketing and Internet Sales Professional Community. ADM members have access to resources, connections and private events that provide them with a competitive advantage.
Automotive Professional Network and Resource Exchange for Car Dealers, Managers, OEM and Marketing Practitioners seeking Best Practices.
June 4, 2018 at 6pm to May 31, 2019 at 7pm – USA
0 Comments 2 LikesSeptember 23, 2018 to April 30, 2019 – Conference Centers
0 Comments 1 LikeDecember 8, 2018 at 6pm to December 8, 2019 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesDecember 14, 2018 to December 14, 2019 – Sydney, NSW, Australia
0 Comments 0 LikesDecember 21, 2018 at 6pm to December 21, 2019 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesDecember 28, 2018 at 6pm to December 28, 2019 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesJanuary 8, 2019 at 6pm to January 8, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesJanuary 16, 2019 at 6pm to January 16, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesJanuary 23, 2019 at 6pm to January 23, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesJanuary 30, 2019 at 6pm to January 30, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesFebruary 5, 2019 at 6pm to February 5, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesFebruary 12, 2019 at 6pm to February 12, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesFebruary 18, 2019 at 6pm to February 18, 2020 at 7pm – melbourne, Australia
0 Comments 0 LikesFebruary 19, 2019 at 6pm to February 19, 2020 at 7pm – Sydney, NSW, Australia
0 Comments 0 LikesFebruary 20, 2019 to January 20, 2020 – Colorado
0 Comments 0 LikesFebruary 21, 2019 from 12pm to 1pm – https://digitalairstrike.com/10-ways-to-use-AI
0 Comments 1 LikeGetting too many emails from ADM? Click mailbox below to control which types of alerts and updates you are sent......
© 2019 Created by Ralph Paglia.
Powered by
Oops... You need to stop "Lurking" on ADM and become a more genuine Automotive Professional by completing your membership registration. As a registered ADM Member, you can post comments, publish your own articles (be a star!) and start Forum discussions. Stop being an online "Peeping Tom" and JOIN ADM RIGHT NOW!
Join Automotive Digital Marketing