Know Your Enemy. Recognize a Phishing Email Before It’s Too Late.

Imagine it is payday and your direct deposit didn’t hit your account. Questions start running through your mind. Did I approve my timecard? Was there a bank error? Glitch in the payroll system? There are many perfectly reasonable explanations. You need the money, but it can wait a day or two until this error is resolved.

So you start asking your co-workers, “Was your paycheck in your bank account this morning?”

Everyone says yes.

No panic yet. You will just call your payroll specialist and let them know there was a little mistake, get your money, and everything will be fine.

But the explanation you receive from them stops you in your tracks.

“We re-routed it to the new bank account you asked us to in your email last week.”

You did not send an email. Your account was hacked, probably by a link you clicked on, and now your money is in the hands of a cybercriminal, withdrawn from an untraceable closed account, and gone forever.

This is a very real scenario that took place with the general manager of an actual DealerIT client. And it is way more common than you might think.

Cybercriminals are always working hard for an easy score. They are monitoring your dealership’s activity and looking for ways to take people’s hard-earned money or sensitive data for resale on the dark web. Phishing emails are one of their most common tools.

The paycheck example is relatively small compared to another situation with a different DealerIT client before they had our security training. This dealer was in the process of a buy/sell. The group’s CFO received an email from the selling agent asking to wire the seven-figure amount to a different account than planned, ironically because there was allegedly suspicious activity associated with the original account.

The CFO had everything set to go through and (thankfully) called the selling agent just prior to authorizing the wire transfer to let them know it was going to the new account.

“We didn’t send the email,” the CFO was told. Disaster was narrowly avoided.

There are two key takeaways from these real-life scenarios: One, taking an email at face value, particularly when there is money involved, is a bad practice. Two, though there are hundreds of products designed to stop the sophisticated methods cybercriminals use to attack, people are the first and weakest line of defense.

In both cases, the sender's email address was spoofed with one character changed, but since the rest of the email looked legitimate, the recipient followed through without noticing. It is imperative for people to be trained to be skeptical of anything that comes through their inbox.

Emails like these would have raised red flags to the trained eye. The email address would have jumped off the page. The implied urgency that made the recipient feel like they needed to act quickly is also a common phishing tactic employed by cybercriminals. Finally, upon closer examination, there were typos and poor language that are typical of these sorts of efforts as they often originate from foreign countries.

A managed services provider should be on the frontlines training your employees to recognize red flags like these to protect your dealership’s cash and valuable information. DealerIT does this and puts other measures in place such as an alert header at the top of every email that originates outside your mail server. This greatly reduces incidents directly related to spoofed email addresses and phishing in general.
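The two red flags described above, a sender address that is one character off from a known contact and mail that originates outside the organization, can also be checked automatically. The following is an added example, not DealerIT's own tooling; the domains, addresses and sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration (not from the article).
INTERNAL_DOMAINS = {"dealer.example"}
KNOWN_SENDERS = {
    "gm@dealer.example",
    "payroll@dealer.example",
    "closing@sellingagent.example",
}

# Constructed sample message: the sender's domain has "q" in place of "g".
SAMPLE_LOOKALIKE = (
    "From: Selling Agent <closing@sellinqagent.example>\n"
    "To: cfo@dealer.example\n"
    "Subject: URGENT: new wire instructions\n"
    "\n"
    "Please send the funds to the new account today.\n"
)


def one_edit_apart(a: str, b: str) -> bool:
    """True if a and b differ by one changed, added, dropped or swapped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:  # skip the common prefix
        i += 1
    if len(a) < len(b):  # b has one extra character at position i
        return a[i:] == b[i + 1:]
    swapped = a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]
    return swapped or a[i + 1:] == b[i + 1:]


def assess_sender(raw_message: str) -> list:
    """Return warning flags for the From address of a raw RFC 5322 message."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    addr = addr.lower()
    flags = []
    if addr.rpartition("@")[2] not in INTERNAL_DOMAINS:
        flags.append("EXTERNAL")  # the case the alert header is meant for
    if addr not in KNOWN_SENDERS:
        flags.extend(f"LOOKALIKE:{k}" for k in sorted(KNOWN_SENDERS)
                     if one_edit_apart(addr, k))
    return flags


if __name__ == "__main__":
    print(assess_sender(SAMPLE_LOOKALIKE))
```

This only inspects the address shown in the From line; a message that forges a real address exactly has to be caught by SPF, DKIM and DMARC checks at the mail server.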

Are you worried about your next paycheck being stolen? Are you concerned about the safety of a wire transfer in this digital world? If you are not doing all you can to ensure your first line of defense – your employees – have the knowledge and resources necessary to keep from falling victim to a cyberattack, you need to act quickly to protect your business.

Click here and ask our team to perform a complimentary security assessment of your dealership. Your next paycheck could be riding on it.
