Pub. 5 Issue 2

22 Issue 2 2019 The subject line read: RE: 2015 Ford Focus and looked as if a customer was replying to an email originally sent from the dealership. The email read something like this: “Please consider these changes and let me know what you think. If you are agreeable to my suggestions, I am willing to continue with this purchase.” The email included a link that appeared to go to the Dropbox website. The salesperson clicked on the link and was taken to a website that looked like Dropbox. The site prompted him to sign in using his email provider. The salesperson selected Outlook and entered his email address and password. He was unable to sign in, so he emailed the “customer” to let him know. As soon as the salesperson emailed the “customer,” the phishers were notified that they had “hooked” someone. They immediately retrieved the salesperson’s email credentials and logged into the dealership’s Microsoft hosted exchange server. In an incredibly unfortunate coincidence, the salesperson was in the process of selling a very expensive car. Within the last two hours, the dealer that owned the vehicle emailed wire instructions to the salesperson, and the salesperson forwarded it to the Controller. The phishers immediately created another email to the Controller pretending to be the salesperson. In the email, the salesperson said the bank information he sent previously was wrong and asked the controller to please send the wire transfer to a different account number. The controller obliged and proceeded to wire $251,000 to the new bank account. The money immediately disappeared. The entire incident took under two hours to complete. If your dealership hasn’t already been targeted in a similar incident, just wait. Auto dealers are prime targets for phishers because it’s not uncommon for auto dealers to wire large sums of money. The good news is that it’s relatively easy to prevent this type of phishing attack, if you take the time to educate your employ- ees. There are four simple rules that, if followed, will keep your dealership secure. Rule #1: Don’t click on links sent to you in emails ANY link in ANY email is inherently dangerous. If a cus- tomer, vendor, supplier or anyone sends you a link, do not click on it unless you were explicitly expecting it. If the link is to a website, do not use the link to navigate to that website. Open up your browser and manually navigate to the website by typing the company name in the URL bar. Rule #2: Look at the URL bar If you do use a link to navigate to a website, look at the URL bar. In the case above, had the salesperson looked, he would not have seen http://dropbox.com, but a random .org URL with a bunch of strange characters in it. Another thing you may want to consider is switching from the Chrome browser to Microsoft Edge. MS Edge is a new browser that was built for Windows 10 and was designed with significant security improvements, such as blocking websites that it detects are phishing sites. Rule #3: Don’t give away your credentials The only time you should enter your email address, password, account information or credit card number online is if you navi- gate directly to a website and login. NEVER email or message your information to someone, and don’t enter the information on a website that you’ve linked to through an email. Rule #4: Require verbal verification for all wire transfers You can email wiring instructions, but every wire transfer should require verbal verification over the phone before the money is sent. There is no way to get the money back after it has been wired. In every scenario we’ve seen, a conversation would have immediately thwarted the attack. I highly recommend that all dealerships educate their em- ployees about the four simple rules detailed in this story. Many employees aren’t aware of the threats that are out there, and awareness is always the first step to prevention.  Erik Nachbahr is President and Founder of Helion Automotive Technologies, a managed technology services provider for auto dealers, with more than 25,000 computers under management across 650 dealerships and body shops. Erik can be reached at ENachbahr@heliontechnologies.com. As soon as the salesperson emailed the “customer,” the phishers were notified that they had “hooked” someone. They immediately retrieved the salesperson’s email credentials and logged into the dealership’s Microsoft hosted exchange server.