Car dealers face a growing threat from cyber criminals as a rise of more sophisticated attacks threatens the industry.
Accountants BDO have warned criminals are taking advantage of the pandemic and preying on firms in an attempt to steal cash.
Phishing emails – where the criminal masks their email address by pretending to be the CEO and requests cash to be paid to a new account – are particularly on the rise.
BDO head of motor retail Steve Le Bas told Car Dealer that with the rise of home working, especially for accounts departments, has seen the vulnerabilities increase.
Le Blas said: ‘The biggest risk for car dealers of all sizes – and we’re seeing this in other industries too – is the rise in phishing emails.
‘Criminals are getting increasingly sophisticated and pretend to be the CEO or CFO and ask for a payment to be made immediately. These sorts of requests can be overlooked by accounts departments and acted upon and money lost very easily.
‘We are aware of an email of this type going to a purchase ledger assistant late in the day and they decided to get it actioned before they left and the company lost £25,000.
‘We’d advise car dealers of all sizes to check carefully and have robust procedures in place to ensure the right checks are made before payments are made.’
The attacks are affecting business of all sizes.
Last year, Honda saw production across the globe halted after a ransomware attack and only last week Kia’s dealer systems in America were compromised by a similar attack.
However, BDO warns it’s not just the manufacturers who should be worried about cyber crime.
In a special report, the accountancy firm said there are now more entities that are ‘better equipped’ to perpetuate a cyber attack than ever before.
The report said: ‘The rewards are increasing, whether the value of data on the dark web or the size of the ransom requests being paid to avoid the leakage of sensitive information across digital and social media platforms.
‘This drives demand with more skilled individuals involved in criminal activity.’
It’s not just phishing attacks that car dealers should be mindful of either. Customer data is particularly at risk, especially as car dealers rely more on harvesting and storing it.
‘Cyber criminals know the value of this data if stolen and it’s highly likely that automotive will be in the upper quartile of targets for cyber attack,’ says the report.
BDO outlines a number of ways car dealers can protect themselves against the growing cyber threat, starting with a regular assessment of the attacks that they might face.
‘It’s essential all known and emerging threats are formally identified and evaluated,’ says BDO.
Car dealers should look closely at high risk users who may be at risk of phishing attacks and put a procedure in place to ensure they don’t slip up.
Le Bas added: ‘It’s very easy to click on an email when you’re busy and working from home and assume it’s from the person it says it is from.
‘Car dealers should ensure that payments are not paid out to new accounts without sign off from the CEO or CFO.’
One countermeasure dealers should think about employing is additional funding, says BDO. Investing in protection is key and the budget needs to be ‘adequate to attract the best skills’ to stop the attacks.
- Join our breaking news WhatsApp group
- Listen to the latest Car Dealer Podcast
- List of the Top 100 profitable car dealers in the UK