Tax season is upon us, and that means if there is one thing you can count on, in addition to filing deadlines, it’s an increase in scams and cyberattacks.
In fact, the IRS recently sent out a warning about a significant increase of “phishing scams.” In the typical phishing attack, the sender will attempt to trick you by sending a crafted message with malicious attachments, or links to malicious websites. Email is one of the most popular avenues for the attacker to take; however, phishing attempts have also been successful via telephone, with the goal of acquiring personal and financial information. Usually the “spoof” email will come from a name the receiver will recognize, and in some of the most recently documented attacks, someone in authority in the company, such as a CEO or CFO.
Cybercriminals are constantly working to find new ways to deceive and trick others into falling victim to phishing emails. Your dealership’s policy should be to always confirm activities such as requests for money or requests for confidential information through independent channels other than email.
So-called “phishing attacks” remain the most common, as they are relatively simple to perpetrate and easy for victims to fall prey to. While phishing attacks are on the rise, especially during tax season, they are not the only way that you are at risk.
Related to “phishing scams,” and in many ways even more insidious and dangerous, are so-called “ransomware” attacks.
What Is Ransomware?
Ransomware is a very specific type of malware. Imagine this. You or an employee of your dealership attempts to open up an important file, such as a quarterly sales report, or profit/loss statement. Instead of the file opening as usual, a message pops up on the screen that says, “The file you are trying to open, has been corrupted, and your computer compromised. In order to open the file and clean your computer you must pay 500.00 for new software.”
That is what it is like to be the victim of “ransomware.” In these kinds of ransomware attacks, a malicious program or virus has infiltrated your system, and the very hackers who put it there are now charging you a “ransom” to remove it.
But how did the ransomware get there in the first place? Again, that goes back to a phishing scam, and is usually the result of an authentic-looking email that said something such as, “It’s time to update your software. Click here.” Ransomware phishers also like to pose as law enforcement officials or government agencies, and send very legitimate-looking emails that imply that your security software doesn’t work, or that you have some credential or certification that is out of date and needs to be reactivated.
Protecting Your Dealership From Ransomware
While ransomware can be very harmful to your systems and sensitive data, it is relatively easy to guard against.
First of all, just as in any kind of cyberattack, it takes awareness. Hopefully, you have already created a culture in your dealership for all personnel to be “on alert” for malicious emails and phishing scams. If someone has inadvertently caused a ransomware virus to get into your system, all employees need to know that they must never, ever agree to pay any kind of ransom, should such a banner or error message pop up. They should be instructed to immediately contact IT or their direct supervisor, should they receive such a message.
Fortunately, most ransomware attacks can be prevented by implementing and following the same kinds of company-wide procedures that should already be in place to prevent or minimize phishing attacks, such as:
- Never open an attachment or click on links in an email, even if it appears to be from someone you know, without first verifying the authenticity.
- Be sure that all employees are using a browser extension that detects websites that are malicious, or whose security certificates cannot be adequately verified.
- Always use security software and a firewall, and make sure all antivirus/antimalware software is up to date.
- Make sure your data is backed up in some secure fashion, every day.
Create a Culture of Awareness
The bottom line is, auto dealers must understand that because of the sensitive nature of the data they maintain, they are high-profile targets for ransomware, malware and other cyberattacks. You need to create a culture of awareness of the very real threats that could seriously impact your customers and your business.
The IT and system specialists with MBAF can help you assess your risk and implement mitigation solutions compatible with your needs and budget.