Beware of Compromised Emails
Modern email phishing attacks typically begin with an email that appears to be from someone you may know or trust. These may also be crafted to appear to come from an authority such as a government entity in an attempt to frighten the recipient. However, things are not always as they appear. The email may really be from a malicious actor. Attachments to the email may contain malware that could infect your computer, or the body of the email may contain links to click, leading the user to bogus web sites.
Email Risks in Your Dealership
Let's say, for example, an email appears to come from a coworker at your dealership. The email may have an attachment for you to open. The text of the email may say, "Check this out!" When you click on the attachment, you may be installing a keystroke logger, virus, or spyware onto your computer.
Alternatively, the email could appear to be from a finance source, notifying you that a number of pending credit applications or finance contracts need additional information immediately, or the deals will be canceled. Instructions direct you to (what appears to be) the finance source’s web site and ask you to provide your login information. When you click on the URL, the web site appears legitimate. In reality, the dealership and personal information you supply are being harvested by the malicious actor.
In either case, the malicious actor will attempt to use the harvested information to break into your dealership network or accounts. If the scammer succeeds, the financial, legal, and reputational implications to your dealership could be significant.
How Do Attackers Get Access?
Attackers use the art of deception to entice employees to either reply to an email or click a link, which could introduce malware to the system, deploy ransomware, or conduct a Distributed Denial of Service (“DDoS”) attack.
Some of these methods include:
- Spoofing: Manipulating email accounts and trusted websites to create slight variations on legitimate web addresses and login pages to harvest account credentials.
- Spear-phishing: Hackers send specially crafted emails appearing to come from a trusted sender to prompt a specific target into revealing confidential information or performing an action such as a wire transfer.
- Malware uploading: Used by attackers to gain access, damage company networks or resources, or attempt to extort a ransom.
How to Avoid Phishing
Educate yourself and your staff to be suspicious of:
- Emails containing grammatical errors, misspellings, or incorrect word usage. These errors should raise a red flag.
- Requests to share non-public, personal, or confidential information.
- Unsolicited emails asking you to "verify your account," "confirm your password," or otherwise share non-public or personal information. Never supply your login credentials in response to an email asking for them, and never use the link supplied by the sender.
Never depend on information supplied in any unsolicited email. Before you click on any attachment, independently confirm the identity of the sender. If the email contains a website link, type the URL into your browser, rather than clicking on the hyperlink in the body of the email.
Before sharing any dealership or other confidential information, do your research. Be ever vigilant regarding the email messages you receive. If it looks suspicious, it probably is.
Finally, consider using Multi-Factor Authentication for login if your email solution supports it; this adds an additional hoop malicious actors would have to jump through to gain access to dealership systems.
We're Here to Help You Succeed
RouteOne offers a variety of complimentary and premium compliance tools and services to help you manage your dealership's compliance and security tasks.
Connect with your Business Development Manager to learn more today.