Automotive Digital Marketing

Professional Community for Car Dealers, Marketing, Advertising and Sales Leaders

Loading... Be Patient!

Car Dealers Are Facing Imminent Threats of Cyber Attack

Car Dealers Must Prepare To Deal with Security Breaches

In August, Timonium, Maryland based Helion Technologies announced that 75 percent of small businesses have experienced at least one security breach within the previous 12 months... This factoid is according to a recent survey conducted by Osterman Research.


The findings were published in a July 2016 report titled IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey. The survey's results were derived from companies surveyed that ranged in size from 100 to 3,000 employees.

"These findings are similar to what we are seeing in auto dealerships, and unfortunately we are seeing the rates of attack continuing to increase," said Erik Nachbahr, President of Helion Technologies. "Every time a hacker successfully breaches a network and profits from the attempt, 10 more hackers get into the game."


Small businesses, (including car dealerships) are defined as having fewer than 500 employees. These are the companies most vulnerable to security attacks because they are less likely to have full-time security experts on staff. Nearly one-third of the survey respondents had two or fewer IT personnel focused solely on security, indicating that smaller companies do not have the expertise necessary to deal with attacks, infections and other problems quickly and efficiently.

"Security doesn't have to be this massive, complicated problem for auto dealers," said Nachbahr. "Prevention is actually pretty inexpensive and easy. What's really costly is when a breach happens. A single incident may result in the loss of hundreds of thousands of dollars. Yet with simple technology precautions as well as employee awareness and training, these incidents can easily be prevented."

According to the survey, the most successful form of security attacks included:

  • Phishing: 43 percent of SMBs experienced a successful phishing attack. Phishing attacks appear in the form of emails that appear to come from a legitimate entity or person, such as a bank. The message contains a link that takes the victim to a fraudulent website; for example, a website that looks exactly like the bank's website. The user is prompted to provide login information, which is then used by the hackers to access the dealerships' real bank account.

    Spear phishing takes the scam one step further and targets specific individuals within organizations. In auto dealerships, typically this is the controller or someone in the accounting office. The employee receives an email that appears to be from a dealer principal or general manager, with a request and instructions on how to wire money to an account. Once the money is wired, there is no way to retrieve it.


  • Virus or Worm Infection: 36 percent of SMBs experienced these types of attacks, which are computer codes that replicate themselves and spread through a computer network. Viruses and worms are designed to destroy data, use available memory and bring systems to a halt.


  • Ransomware: 23 percent of SMBs (Includes car dealers) were victims of ransomware, a type of malware that infects computer networks and lies dormant for a period of time. Once activated, ransomware encrypts all files in an organization and the hackers demand a ransom for their release.


The survey also found that for SMBs, overall security-related costs have increased an average of 23 percent in the last 12 months. The increase is likely correlated to the growing number of security threats; for example, in 2015 the number of phishing URLs increased by 55 percent and the total volume of new malware increased by 14 percent.


One of the primary targets in Car Dealerships is Customer Data.

In auto dealerships there is enormous value within all of the customer records kept in dealership management systems and customer relationship management applications. Stolen login credentials, credit card numbers, social security numbers and account numbers can be used for a variety of purposes; including gaining access to corporate financial accounts, selling credit card numbers on the open market or creating new identities for criminals.


Auto dealership employees can minimize the threat posed by phishing, worms, viruses and ransomware by doing the following:

  • Don't click on any links in emails or download documents sent by an unknown party
  • If you receive an email from your bank, don't use that link to go to the bank's website. Instead open a new window to navigate to your bank's website. If you have any concerns about the content of the message you received, call your bank
  • Require verbal authorization for all email requests to wire or transfer money
  • Keep every computers' operating system and other software applications up to date, installing patches and updates regularly
  • Use firewall and antivirus software


According to Helion Automotive Technologies, the single greatest source of threats to dealership cyber security are the dealership's employees.

Helion also has stated that hackers are specifically targeting car dealerships and focusing on dealership business offices (accounting) and the Finance and Insurance departments.


Helion claims that international crime organizations are using targeted email scams that are designed to trick employees into performing actions that will result in their dealerships becoming vulnerable to an attack.

“The increase in the number of organized attacks in the last year is astounding, and auto dealers need to be on alert,” said Erik Nachbahr, president of Helion. “In addition to the volume of attacks, the level of sophistication and research involved is frightening.”

Hackers who break through firewalls and get access inside dealership networks have the ability to gain access to dealership login credentials, dealership and customer bank accounts and their wire transfer routing numbers. This is on top of all the other private customer information treasure troves in dealership DMS and CRM systems...

Helion provided an example of an actual cyber attack incident at a dealership:

"A virus was downloaded in an email attachment onto the F&I Manager's computer. The virus tracked every website visited and every keystroke. Hackers were able to use the information to login into credit bureau sites and extract credit reports for more than 200 customers before they were caught. This incident ultimately cost the dealer more than $150,000."

According to Helion, security software and firewalls alone can’t stop an attack like this because the attack originates inside the dealership's secured network from an employee email. These email attacks are targeted and are designed to look as if it were sent from within the dealer or group organization.


Attacks like the one described above are called "Spear Phishing" attacks.

There are ways to reduce risk and to prevent them, Nachbahr recommends that dealerships verbally verify all requests for wire transfers. He also recommends dealerships have a cyber-liability insurance policy in place. Employees should be trained on cyber warfare tactics, he said, and all software patches from each system's publisher should be regularly updated.

For more information about dealership cyber security you can contact Helion at 443-541-1500 or visit


About Helion Automotive Technologies

Helion...Putting Your Dealership in the FAST LANE! Helion Automotive Technologies is a leading IT solutions provider, providing auto dealers with faster, more efficient networks and secure data protection. From managed services to IT assistance and service desk help, Helion offers both short-term IT fixes and long-term planning so dealers can focus on what matters most: selling more cars. Helion has specialized in IT for more than ten years and works with 650+ auto dealers nationwide. Dealers can request a free assessment of their IT needs at

Views: 534

Tags: Cyber Attack, Cyber Security, Helion, IT, managed, security, services, solutions, vendor


Oops... You need to stop "Lurking" on ADM and become a more genuine Automotive Professional by completing your membership registration. As a registered ADM Member, you can post comments, publish your own articles (be a star!) and start Forum discussions. Stop being an online "Peeping Tom" and JOIN ADM RIGHT NOW!

Join Automotive Digital Marketing

Comment by Ken Luna on October 9, 2016 at 4:35pm

Excellent post. Quite a few stories popping up about dealership employees selling Social Security numbers. Of course if you use a system that does not need them that helps as well. 

Comment by Ralph Paglia on October 9, 2016 at 2:54am

The first time I really started thinking about hackers and what they might want from a dealership's computer systems was in 2003 when I was working on the Mercedes-Benz USA BDC Project where the team I led either installed or did assessments of "Client Communication Centers" (CCC) in over 300 Mercedes dealerships... Several dealers shared similar stories with me, but the Mercedes Dealer in Cherry Hill really hit it home for me when he told me about a company that had approached him at the dealership and offered him $100,000 for his customer database of over 30,000 customers who had purchased or leased new Mercedes-Benz vehicles from the dealership over the course of about twelve years at that time. The dealer did NOT accept the offer, but he did have a new respect for the value of data security and what he had that was worth protecting.

Automotive Professional Network and Resource Exchange for Car Dealers, Managers, OEM and Marketing Practitioners seeking Best Practices.

ADM Sponsor

William B. Terry
Rated by Super Lawyers

loading ...

ADM Badge


Based On Your Interests...

ADM Consulting, LLC

Onsite/Offsite Combination ADM Consulting, LLC Professional Services
Select the maximum monthly investment you plan to make
Sign up for

Automotive Marketing Tools

Get ADM Toolbar

Click here to take the ADM Member Survey

Getting too many emails from ADM? Click mailbox below to control which types of alerts and updates you are sent......



ADM Professional Services
Phone Consultation
Topic or Issue:

Top Automotive Marketing Forum Discussions

Share the Best Content w/AutoMarketing Community

© 2020   Created by Ralph Paglia.   Powered by

ADM Badges  |  Report an Issue  |  Terms of Service