Pub. 5 Issue 2

21 Four Simple Rules to Prevent Phishing Attacks BY ERIK NACHBAHR P hishing attacks are becomingmore prevalent at auto dealerships, with one dealership recently falling vic- tim to an attack that resulted in a loss of $251,000. If you believe this can’t happen at your dealership, think again. In phishing simulation tests conducted by He- lion Technologies, we have found 3-7 percent of dealership employees are willing to give up their credentials when prompted. Phishing is the practice of sending emails, purporting to be from a legitimate company, in order to lure a person to reveal personal information, such as passwords and credit card numbers. Phishing emails may appear to come from your email provider, bank, delivery company or other seemingly legitimate source. The emails contain links that bring you to fake login pages where thieves capture your email and password information. Spear phishing is a more targeted formof phishing,where the senders have researched you as an individual or business. For example, fake invoices are the most common type of phishing lure. If you receive an invoice from someone that you know, double-check the “reply to” email address before download- ing the attachment. Otherwise, you could inadvertently down- load a malware or virus onto your computer! Whaling goes one step fur- ther, focusing on an individual within an organization. These attacks are very sophisticated. Phishers do a lot of research on their victims, using social me- dia and other sources of infor- mation to gather personal his- tory and information, which is then used to craft an email that appears to come from someone that the victim knows. Ph i s h i ng a t t a c k s a r e launched by groups of sophis- ticated, trans-national crimi- nals. These are not kids sitting in their parents’ basements. These groups are well-funded and reinvest their profits to build world-class infrastruc- tures and hire world-class programmers. Their only goal is to get your money. Anatomy of an Attack Recently, a salesperson at a dealership received an email.