As we gear up for September, a time when many consumers consider vehicle purchases and lease companies initiate their annual service updates, it's essential for your customers to be in the know about an ongoing cybersecurity concern within the automotive space.
Our threat intelligence team has recently uncovered evidence of personal data, including names, addresses, vehicle registration numbers, vehicle identification numbers (VINs) and vehicle details, being traded on the dark web. In this particular instance, the shared data contains 20 million data strands. What’s more shocking is that this volume of data can be purchased for only $500.
Cybercriminals can use this data for physical theft or cybercrime. It provides vehicle details and location, making it easier to steal. VIN information can be used to clone a car and steal its identity. Criminals can also carry out scams with this data through phishing attempts.
Here are some examples of how cybercriminals could use this personal data to conduct very convincing attacks:
Fake Servicing Updates:
Imagine receiving an email that appears to be from a legitimate service centre or dealership, notifying your customers of an upcoming vehicle service. Hackers, armed with their personal information, could craft very convincing emails. Clicking on the malicious links provided could lead to malware infiltrating your customer’s device and compromising its security.
False Lease or Finance Offers:
Your customers’ personal and vehicle information can be used by cybercriminals to create fake lease or finance offers that seem too good to be true. Falling for these scams might result in divulging sensitive financial information, leading to potential identity theft and financial harm.
Fake Promotions:
Armed with the information they've obtained, hackers might tempt your customers with irresistible promotions, claiming that they’ve won a special discount, accessory, or vehicle upgrade. Falling for these ploys could expose their credentials or open them up to further phishing attempts.
How can your customers protect themselves from these scams?
Let’s take a look at some simple steps your customers can take that can help them identify these types of phishing scams.
1. Approach Emails with Caution:
Your customers should remember to be cautious when they receive unsolicited emails related to vehicle services, upgrades, or promotions. They should refrain from clicking on links or downloading attachments from unfamiliar senders.
2. Always Verify the Source:
If your customers receive an email from a dealership, service centre, or financial institution, they should take an extra step to verify the information by directly reaching out to the official phone number or website mentioned in their legitimate documents. They should avoid using the contact details provided within the email.
3. Inspect URLs Thoroughly:
Before clicking on any links in an email, your customers should hover their cursor over them to reveal the true destination URL. If the URL seems suspicious or doesn't match the official website, it's likely a phishing attempt.
4. Use Two-Factor Authentication (2FA):
Whenever possible, advise your customers to enable 2FA for an additional layer of security. Even if hackers manage to compromise login credentials, having 2FA enabled will make it more difficult for the hacker to gain access to accounts.
5. Stay Ahead with Cyber Xpert:
Your customers can rely on Cyber Xpert to keep them safe online. DynaRisk’s personal cyber protection tool uses ongoing scans and monitoring, and real-time alerts to help protect your customers and their personal data.
Cyber threats constantly change. Therefore it's crucial to keep customers informed and provide simple steps to protect themselves.
Find out more about Cyber Xpert, DynaRisk’s personal cyber protection tool