Top 2 Cybersecurity Threats for Auto Dealers in 2020 - AutoSuccessOnline

Top 2 Cybersecurity Threats for Auto Dealers in 2020

Dealerships are vulnerable to cyberattacks because they store personal and sensitive information for thousands of customers.

Cybercrime is the fastest growing type of crime in the U.S., according to the FBI. Nearly half of all cyberattacks target small- to medium-sized businesses. It’s not a matter of if, but when your dealership will fall victim to a sophisticated cyberattack.

Although many types of cybercrimes are perpetrated against U.S. businesses, auto dealerships are most vulnerable to social engineering attacks and ransomware.

Social Engineering

This type of attack involves manipulating people to perform an action that benefits the cybercriminal. Phishing, spear phishing, business email compromise (BEC) and CEO fraud fall into this category.

The goal of these attacks is to get money. Hackers will spoof emails that impersonate dealership principals or other senior executives, asking someone in accounting to transfer funds for what appears to be a legitimate purpose.

Other examples of social engineering attacks include spoofed emails from employees requesting a change to their direct deposit account, or an email from a senior executive asking for PDFs of all employees’ W-2 forms. Another common type is an email from a colleague asking someone in accounts payable to pay an invoice that is attached to the email. Both the invoice and company are fake, but the cybercriminals will cash your check.

If an employee clicks on a link or downloads a file from a phishing email, hackers can also gain access to your network. Once there, they may try to steal login credentials for financial accounts so that funds can be transferred out, or they might locate and exfiltrate customer data in order to monetize it.

Tech support fraud is another type of social engineering scam, where criminals claim to provide customer, security or technical support in an effort to gain access to victims’ devices.  

In the last six years, nearly 70,000 victims in the U.S. have fallen for business email compromise scams, resulting in a dollar loss of over $10 billion. Once the money is transferred, it’s gone forever.


Ransomware is a type of malware that most often infiltrates your network through phishing and spear phishing emails.

Imagine getting an email from one of your suppliers that says, “Invoice attached.” The email addresses you by name and includes a friendly little message from your account rep at a supplier. You trust the sender so you click on the email attachment and the ransomware is downloaded onto your computer.

Alternately an email could take you to an infected website that will download the malware onto your computer. From there it spreads into your dealership’s computer network. The danger in ransomware is that it lies dormant for a period of weeks or months. Back-ups of your data performed during this period of dormancy will also back-up the ransomware.

Once the ransomware goes “live,” your most recent back-ups will also be encrypted, so it’s impossible to restore your files from your most recent back-ups. In order to decrypt your files and have access to them again, the cyber thieves demand a ransom.

At this point you have two choices. Pay the ransom or lose all your files and data. The majority of cyber thieves demand the ransom in bitcoins, a form of electronic currency that’s untraceable.

Recently there’s been a rise in a type of ransomware attack where the hackers threaten to leak customer data if they are not paid by their deadline. Auto dealerships are particularly vulnerable to this type of attack because they store personal and sensitive information for thousands of customers. If the hackers leak the data, your dealership is legally liable for the data breach.

Ransoms can range from thousands to tens of thousands of dollars. In a recent ransomware attack on an auto dealership in Florida, the hackers demanded $600,000.

Ransomware attacks are on the rise, with annual damages predicted to reach $20 billion in 2021, a 74% increase over $11.5 billion in 2019. In 2019, a business fell victim to a ransomware attack every 14 seconds.

Most small- and mid-sized businesses end up paying ransoms because they can’t afford the downtime and lack of access to critical data. In addition to the ransom paid, small businesses lose an average $100,000 per ransomware incident due to downtime and recovery costs, according to CNN Business.

Prepare Your Dealership

The most effective way to prevent social engineering and ransomware attacks is to enroll your employees in a security awareness training program. These programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are immediately enrolled into an online training program. Over the course of a year, continued security awareness training has been proven to reduce the risk of phishing attacks from 27% to 2%. That’s potentially a huge return for a relatively low cost.

Other tips to prevent cyberattacks include:

  • Have a written information security plan (WISP)
  • Require verbal verification before any funds are wired or transferred
  • Keep data backups for a minimum of 90 days
  • Modernize your IT infrastructure
  • Implement IT best practices for cybersecurity
  • Don’t allow employees to use personal devices at work, including cell phones
  • Purchase cyber liability or data breach insurance

Unfortunately, cybercrime isn’t going away any time soon. The best offense is defense, so be sure your dealership is prepared.

You May Also Like

4 Outbound Calling Tactics to Get More Customers on the Phone

Here are a few tips to improve your agents’ odds of getting connected with customers on outbound calls.

In 2022, we found that the average dealership connected 28.7% of its outbound calls to intended customers. That leaves a whopping 71.3% of all outbound calls unconnected. This call connection metric has remained overall consistent over the past four years. Furthermore, when a dealer is cold calling prospective customers with no prior call history, average outbound call connection dips to 15.8%! Here are a few tips to improve your agents’ odds of getting connected with customers on outbound calls.

How the Super Bowl Spawned New Video Creativity within the Automotive Industry

The industry leverages creative video in a variety of ways, not only to stand out amongst competitors, but to position their brands for greater success.

Prejudging Creditworthiness Can Cost You Sales

Today, there are better loan products for consumers whose creditworthiness isn’t reflected in traditional credit scoring metrics.

lendbuzz blog
Building the Right Omni-Channel Experience with Verification Tools

Many dealers continue to ponder the right digital retail strategy, and it is becoming clear that an omni-channel approach is the best approach.

Increase Your Alignment Sales

When properly presented, the alignment should be one of the most straightforward service operations to sell to the consumer.

Other Posts

Dealership Cybersecurity: Why a Proactive Approach Matters

Being proactive about cybersecurity is much cheaper and less painful than suffering the consequences of a breach.

Why All Evaults Are Not Created Equal

Today’s leading solutions afford the necessary protection to securely manage the electronically originated documents and assets.

Change is Constant: Dealer Success Requires Business Agility Powered by Technology

When it comes to enhancing customer experience, technology is vital to making the car-buying process as frictionless as possible.

How Dealers Can Navigate the Rising Cost of Doing Business in 2023

Risks and trends affecting your dealership — and how to work with your insurer to manage costs.