Phishing and Social Engineering Attacks on Car Dealerships

Car dealerships and automotive retailers are hot targets for phishing and social engineering attacks. The biggest vulnerability isn’t your technology setup or passwords; it’s your staff.

If your staff isn’t trained on how to identify these attempts, they could hand over sensitive information such as credit card or banking information to hackers. 

At VTech Dealer IT, we spend every minute of the day making sure our customers are protected, and we want all dealerships to be, too (whether you’re our customer or not). 

Let’s discuss some of the most common methods hackers use to steal information from a car dealership, so you can prevent it from happening in the future.

The Gift Card Scam

The number one method hackers use is a classic and still one of the most popular: the gift card scam.

Hackers don’t have to do anything other than impersonate somebody in the dealership, like a manager or director, to get an employee to buy gift cards.

For example, a message that appears to come from the general manager says, “Hey, I’m in a meeting, go to Walgreens and buy me five $200 gift cards and scratch them off and send me the numbers because I have a partner that we’re doing a promotion for.”

The employee doesn’t know it’s untrue and it looks like it came from the boss – why would they question it? 

Hackers regularly impersonate key personnel at dealerships to get somebody to buy gift cards for them for easy money.

Impersonating Staff

In another popular social engineering scheme, hackers impersonate an important person in the organization and ask an employee to wire money from one account to another, or to an account outside of the organization.

This usually involves more sophisticated methods, because the hackers have to review emails going back and forth within the organization to get the gist of its structure.

They then try to figure out who they can pose as to better manipulate the staff. They even take the time to mimic the tone of their target – we’ve seen incredible attention to detail.

Unfortunately, the second the money is wired, it’s in an offshore bank account and is almost impossible to recover. 


Classic Phishing Attack

The most common and typical hack is a traditional phishing attack, a true art form where the hacker will impersonate Office 365, UPS, a bank teller, FedEx, or even Amazon, trying to get you or your sales guys to enter personal information in response to an unsolicited email.

These phishing emails may look like they come from a trusted source, but all they are trying to do is get the password to your account and use that information to compromise the whole organization.

Social engineering turns your own employees into dangerous weapons that hackers can use to penetrate your organization. Without proper training and protection, a hacker could disguise themselves and go unnoticed. Protecting yourself from phishing attempts is important and should be addressed immediately.

For a limited time, we are offering a free Cybersecurity Training to any dealership that wants it – no charge. We take these kinds of attacks personally, and we know that by spending just 1 hour of your team’s time, you can significantly reduce the odds of falling prey to an attack. Learn more about this training here.