Our CEO, John Acosta, gives another Dealer Tech Bulletin to keep dealerships informed of the important, urgent, or upcoming opportunities and threats to their business. Today’s topic: voice phishing. 

The FBI and the Cybersecurity Infrastructure Security Agency have recently issued a warning about a growing threat of phishing attacks against companies. Vishing, which is voice phishing, is a social engineering method that uses voice communication to entice victims to divulge sensitive information through the initiation of a phone call. This is a social engineering hack that’s getting more sophisticated with everyone working from home. Malicious actors have found new and innovative ways to get information out of people.

How to Prevent Vishing

There’s a couple of things that you can do to make sure that you don’t fall victim to this type of attack. First, be suspicious of unsolicited phone calls or emails from unknown individuals claiming to be from a legitimate organization like your bank, state, or federal government. Do not provide personal information or information about your organization. This includes its structure or networks, unless you’re certain of a person’s authority. If possible, try to verify that caller’s identity directly with the company.

Passphrases Stop Hackers 

Another important tip that we recommend is if you’re doing interdepartmental billing or approving wires (or anything of that nature), always follow up with an email or with a phone call and have a secret passphrase between the dealer principal and the controller. For example, during World War II, they used “thunder” and “lightning” as a passphrase. You can come up with your own, you can even use car terminology. If you say “finance” they may say “insurance”, that way you can verify that you’re talking to the right person. Also, always bookmark the correct corporate domains and websites. Never visit any alternative URLs on the sole basis of an inbound phone call.

Double, Triple Check Everything

If you receive an email be suspicious of any links or URLs, especially if it’s from a bank with wire instructions: double, triple-confirm everything and make sure that your accounting department or anybody that’s dealing with financial information is being very wary. It is important to always be suspicious of everything that’s happening on the financial side. Always double-check everything.

I Got Vished, What Now?

If you receive a vishing call, document the phone number of the caller, as well as the domain that the actor tried to get you to. Relay this information to management or the appropriate authorities if warranted. Make sure to take action immediately, and get your team to understand that this vishing is happening so they can be on the alert.

If you and your team needs anything, we’re always here to help. 

You can also take advantage of our Free Employee Cybersecurity Training – get everyone in your dealership trained on these kinds of attacks in just 1 hour, remotely online.