Over 90 percent of all successful cyberattacks begin with a phishing scam. That means your biggest cybersecurity risk isn’t an elite hacker breaking through your defenses — it’s someone at your dealership clicking the wrong link. One moment of panic or curiosity can open the door to ransomware, data theft, or a complete system shutdown. 
 

What is Phishing?

Phishing is a social engineering attack in which cybercriminals pose as trusted contacts, such as coworkers, vendors, or familiar companies. The goal is to have you interact with a link, provide sensitive information, or download harmful software. Cybercriminals design these messages to look legitimate and create a sense of urgency or fear to garner a quick response.

Common Signs of a Phishing Email

We’ve touched on why an attacker would want to send a phishing email, but what can this look like? Here’s a list of the more common indicators you can look out for:
  • A request for sensitive, personal, or financial information 
  • An uncharacteristic greeting and/or tone that differs from prior interactions 
  • Numerous typos, poor grammar, or unusual sentence structure 
  • A misspelled sender email address or domain name 
  • An unexpected attachment or link 
  • Urgent or threatening language (“Your account will be deactivated!”) 
  • The sender is someone you haven’t provided your information to 
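
Several of the signs above can also be checked automatically by a mail filter. The sketch below is an added example, not part of the original article; the trusted-domain list, keyword patterns, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of domains the dealership really corresponds with (constructed).
TRUSTED_DOMAINS = {"dealer-bank.example", "parts-vendor.example"}
URGENT = re.compile(r"\b(urgent|immediately|deactivated|suspended|final notice)\b", re.I)
SENSITIVE = re.compile(r"\b(password|ssn|bank account|routing number|credit card)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (misspelled) sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(raw):
    """Return which of the article's indicators a raw email message triggers."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parts = [p.get_payload() for p in msg.walk() if p.get_content_maintype() == "text"]
    text = msg.get("Subject", "") + "\n" + "\n".join(parts)
    signs = []
    if SENSITIVE.search(text):
        signs.append("requests sensitive information")
    if URGENT.search(text):
        signs.append("urgent or threatening language")
    if domain not in TRUSTED_DOMAINS:
        near = sorted(d for d in TRUSTED_DOMAINS if edit_distance(domain, d) <= 2)
        signs.append(f"sender domain resembles {near[0]}" if near else "unknown sender")
    if re.search(r"https?://", text) or any(p.get_filename() for p in msg.walk()):
        signs.append("contains a link or attachment")
    return signs

# Constructed sample messages: a lookalike-domain lure and an ordinary vendor note.
SAMPLE_PHISH = (
    "From: Dealer Bank <alerts@dea1er-bank.example>\n"
    "Subject: Your account will be deactivated!\n"
    "\n"
    "Confirm your password immediately: http://dea1er-bank.example/verify\n"
)
SAMPLE_OK = (
    "From: Parts Desk <orders@parts-vendor.example>\n"
    "Subject: Order shipped\n"
    "\n"
    "Your brake pads shipped today. Invoice to follow by mail.\n"
)
```

Keyword and domain checks like these only catch the obvious cases; a message sent from a compromised legitimate account would pass every one of them.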
 

Would you feed the phish?

Sometimes it’s easier to recognize a phishing attempt when you’re watching it happen to someone else. Let’s take a moment to follow Frank as he walks right into a phishing trap. 
As you watch, Frank’s missteps may seem very apparent. This simplification was intentional, designed to shine light on a dark situation. Unfortunately, phishing can be extremely difficult to spot in the real world, especially if the hacker has gained access to a legitimate email account you interact with regularly. Poorly written spam emails still exist, but they’re no longer the only threat.
 

Stay a Step Ahead

Phishing attacks prey on human error, but there are practical ways to build a stronger defense. Here are a few best practices: 
  • Update Systems Regularly
    Keep your software up to date to reduce potential vulnerabilities. 
  • Back Up Your Data
    Encrypt backups and ensure your vendor or provider follows the 3-2-1 rule: three copies, two types of media, and one offsite.
  • Use Multifactor Authentication
    Add extra layers of security to sensitive accounts to prevent unauthorized access. 
  • Enforce Access Controls
    Apply the principle of least privilege! Limit access to data based on necessity. 
  • Segment Your Network
    Reduce the spread of threats by isolating critical systems and data. 
 
Awareness and preparation can go a long way when it comes to phishing. By understanding how phishing works and what to look out for, you can help protect your dealership from taking the bait.