All phishing attacks can potentially expose your dealership to malware that corrupts its computer network, or mines the data in its DMS without you knowing it. Spear phishing attacks are aimed at a single target, either an individual or an organization, and can be very difficult to detect until it’s too late.
This video was originally published in December 2021.
What is Spear-Phishing?
We’re still phishing, only this time it’s “spear phishing.” Again, I’m talking about phishing with a “ph” – those emails or text messages that try to induce you to surrender your account information or, worse for your dealership, click on a link that results in malware infecting your dealership’s computer network.
Our last episode focused on what I call broadcast phishing – indiscriminate emails or text messages that rely on volume as much as content for their success. But spear phishing is a different animal, and more dangerous. Spear phishing attacks are aimed at a single target, either an individual or an organization, and can be very difficult to detect until it’s too late.
What is an example of a spear-phishing attack?
Let me give you an actual example to illustrate what a spear-phishing attack looks like. A few weeks ago, I was eating dinner in Texas with an actual IT professional, who you’d think would know better. Let’s call him Bob. Bob and his wife had recently bought their first house. The process involved weeks of email traffic between them and their real estate agent and, eventually, a title insurance company.
As closing drew near, Bob got an email that appeared to be from his real estate agent. In it, the agent reminded him of a recent email message wherein the agent informed Bob that he would need to either bring a cashier’s check for the down payment to closing or wire those funds to the title company’s account. The agent then said that the title company preferred a wire transfer, and provided the account information for the wire.
Bob dutifully wired $50,000 – the whole of his liquid savings. Later, he called the title company to confirm their receipt of the money. That’s when he discovered they had no idea what he was talking about and were expecting a cashier’s check at closing.
How could this happen? Remember, we’re talking about spear phishing, where a particular individual or organization is targeted with a convincing attack. It seems a sophisticated hacker accessed the real estate agent’s email account and actually saw the messages between the parties. Thus, the hacker knew Bob’s situation and knew he was expecting instructions concerning the transfer of his down payment. When the fake email instructions came in, he was a sitting duck.
Fortunately for Bob and his wife, he reacted quickly and contacted local law enforcement, the banks involved, and, ultimately, the real estate agency’s insurance company. He recovered all but $4,000 of his down payment money and was able to close. Funny how we consider losing “only” $4,000 a happy ending, isn’t it?
Spear-Phishing Awareness
So what’s the moral of the story? The best weapon against phishing attacks – especially spear-phishing attacks – is awareness. Any email or text message that invites you to click on a link, provide account information, or send money, should be scrutinized carefully. Unless you’re absolutely certain it’s legitimate, contact the sender using a known phone number, and never use a phone number or email address contained in the message itself.
All phishing attacks can potentially expose your dealership to malware that corrupts its computer network, or mines the data in its DMS without you knowing it. That’s why we produce these videos – to increase awareness of the problem – so share them with your employees. Forewarned is forearmed. Keep warning your staff and you’ll arm your dealership against phishing attacks.
If you’d like more tips or need training on how your dealership can prevent phishing and other computer network attacks, contact us today.