Skip Navigation

April 6, 2020 |

3 cyber threats that can shut down your auto dealership

Loading table of contents...

Each day, the odds of a cyber attack on your auto dealership increase.

One auto industry survey showed that 62% believe a malicious attack on auto software, technology, or components is likely (35% believe it’s likely and 27% say very likely).

From phishing emails used to launch ransomware and encrypt or lock your critical files to fraudulent emails designed to redirect financial funds, your dealership and customers are at high risk.

Even your physical inventory is a target. Frost & Sullivan estimates that there are 50 vulnerable attack points on a modern vehicle with cyber security accounting for up to 5% of the cost of the vehicle electronics.

63% say they test less than 50% of hardware, software, and other technologies for vulnerabilities. 71% believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.

If you suffered a cyber attack and a breach of sensitive data, what would you tell your customers? How would you make your sales quotas? How would you continue daily operations?

It’s time to understand the cyber threats targeting your dealership (and what you can do about them).

Top cyber threats to auto dealerships

Phishing emails

Phishing is a cyber attack method that attempts to gather critical data—usernames, passwords, and even bank account numbers—using deceptive emails and links to malicious websites. An estimated 65% of organizations experienced a phishing attack in 2019.

Phishing relies on realistic-looking emails to fool recipients into clicking a link, opening a file, or even convincing a recipient to share confidential information. For example, a phishing email may land in an employee’s inbox that is disguised as someone in the very same dealership or even an important leader in the industry.

Learning to recognize the signs of phishing is critical. A phishing test was conducted among 125 employees at an auto dealership with a phishing email directing employees to a website to enter their usernames and passwords. Three employees clicked on the link in the email and entered their login information on the website. If the phishing attack was real, there would have been damaging consequences for the dealership.

Recent phishing attacks on auto dealerships:

An email with a malicious attachment was downloaded on a finance and insurance manager’s computer at a dealership. The malware logged the computer’s internet history and keystrokes. The cyber criminals used the information to obtain hundreds of customer credit reports, costing the dealership more than $150,000.

Someone impersonating a dealership employee emailed a controller at the dealership, requesting a $30,000 wire transfer. The controller initiated the transfer, and unfortunately, the dealership was unable to stop or reverse the transfer.

Ransomware attacks

Ransomware is malicious software designed to encrypt your computer files, emails, and other data until a ransom is paid. Strains of ransomware can completely lock your computers and devices, preventing any access to your systems.

Cyber criminals also use two-stage ransomware extortion—known as doxware and extortionware—that first restricts access to your data, then threatens to disclose the sensitive data to the public.

Last December, the Federal Bureau of Investigation (FBI) issued a warning about increases in the number of cyber attacks on the auto industry, including ransomware.

Recent ransomware attacks on auto dealerships:

Two years ago, the auto sector was significantly impacted when the WannaCry ransomware attack hit over 300,000 computers in 150 countries across a wide range of industries. Honda Motor Company, Renault, and Nissan were affected. In fact, Renault and Nissan temporarily shut down their plants in France, Slovenia, and Romania to recover.

In a more recent attack, an employee at The Arrigo Automotive Group in West Palm Beach, Florida, unknowingly opened a malicious email launching ransomware that infected computers across Arrigo’s five dealerships. Rather than pay the ransom, Arrigo chose to remediate the attack. The dealership purchased 250 new computers and hired external security response experts. The remediation was estimated at close to $500,000.

Business email compromise (email fraud)

Business email compromise (BEC), also known as email fraud, typically targets a company’s financial and procurement departments or a business owner. This type of email attack attempts to initiate a financial transfer to an attacker-controlled account.

Cyber attacks involving business email compromise (BEC) and phishing are lucrative scams—with BEC representing 50% of total cyber crime losses in the United States.

In April 2019, for example, the FBI’s Internet Crime Complaint Center (IC3) reported that BEC victims lost over $1.2 billion in 2018. And the U.S. Treasury recently reported that BEC scams carried out on U.S. victims are now responsible for losses in the neighbourhood of $300 million per month, or nearly $3.6 billion on an annual basis.

Recent BEC attacks on auto dealerships:

In fact, last August, a European subsidiary of Toyota Boshoku Corporation was targeted by hackers as part of a BEC scam. A third-party hacker posed as a business partner of the Toyota subsidiary, sending emails to members of the finance and accounting department that requested funds be sent for payment into a specific bank account controlled by the hacker.

Total financial losses from the BEC scam are reportedly close to $37 million. The company is now trying to recover this money with the help of law enforcement officials.

Is your dealership safe from cyber attacks?

Don’t let a cyber attack take your dealership down. Your business, employees, customers, and partners are too important to risk it—take control of your cyber security today.

Contact our cyber security experts for a free consultation to identify the security prevention you need and how to easily put this into place.