Who bears the loss when a hacker breaches one automotive dealership, impersonates its sales manager, controls their email traffic and instructs another dealership, which is buying 20 SUVs with multiple wire transfers, to send payment to a different bank account than previously used? Who is at fault?

Both dealerships are at fault here and both risk losing a lot. Real incidents like the one above continue to occur; contract laws are in place, and this specific case is going through the appeal process. In many cases, there is an argument for both sides. Ultimately, a forensic investigation needs to be conducted, and the facts will dictate the ultimate liability under contract law.

While it is common for Withum to receive a call after this event has occurred, it is something that can be prevented or even stopped early on, if you and your team have a plan set up and know what to do. So, what can you do now to help your future?

  1. Invest in advanced forensic monitoring – Whether your email software is managed internally or externally by a third party, who is monitoring your software when configuration settings change?

     In this case, the hacker was able to phish a person, obtain credentials and sit inside the network undetected, reading emails and performing reconnaissance until it was time to strike. But which email configurations changed? Email rules. Email rules, something you likely don’t check regularly, if ever, were established: an auto-forward rule immediately sent all emails received from the buying dealership to a Gmail account whose address used the selling dealership’s exact domain name.

     For example, salesmanagername.cardealershipname.com compared to sales manager [emailprotected]gmail.com. The hacker was maintaining the selling dealership’s email server. (It was not clear what the third-party email service provider was or was not monitoring – traffic, email configurations, etc.) Let’s assume they were monitoring with unsophisticated tools and/or that human error contributed to the disaster.

  2. Cybersecurity Training – Could cybersecurity training have helped in this case? Short answer: Definitely. If your team knows what to do in the event of a breach, or how to prevent one, that will help. There is email software that helps filter incoming email and alerts users when a message is from an outside organization. The alert message can emphasize that the user should confirm the email address before opening or responding.

     In this instance, the buying dealership would have noticed that the selling dealership email address domain was perfect, except for the gmail.com extension.

  3. Purchase domains exactly and similar to yours – Have you purchased or taken the exact or similar domains to your official domains with various email extensions? If you have, then you needn’t worry as much about impostors taking over similar email extensions unless the registering company is breached. See our author’s authentic email address first, then the exact and/or similar addresses that follow. It is likely he has a Gmail account, but is that the address to transact business? In the similar email address, notice the additional “r” and the use of two n’s “nn”, which appear as the letter “m”.

     Compare: [email protected] | [email protected] | [email protected] | [email protected]

  4. Invest in Cyber Insurance – Taking risks is part of running any business. If you haven’t looked into cybersecurity insurance, now is the time to do it. Companies with inadequate insurance coverage (i.e., damage limits and/or covered events) or no coverage are at a big disadvantage. It is not a matter of if, but of when, a cyber breach will occur, and your clients’ information, your important data, and your brand are at risk if you don’t have the business covered appropriately. There are many different variations of cyber insurance, and finding the coverage to match your business and needs is critical, especially when we see many riders in place with low coverage limits in the marketplace. The cyber insurance marketplace is maturing, and the renewal application process is becoming more detailed and sophisticated with questions.
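The auto-forward rule described in item 1 is the kind of configuration change a periodic audit can surface. The following is an added example, not part of the original article: it reviews an exported list of mailbox rules and flags any that forward outside the organization. The record fields, domains and addresses are constructed for illustration and do not match any specific mail provider's export format.

```python
# Added example: audit mailbox rules for forwarding outside the organization.
# Rule records and field names are constructed for illustration; they do not
# match any specific mail provider's export format.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rules(rules, org_domain):
    """Return (severity, mailbox, rule_name, target, reasons) per risky rule."""
    org_domain = org_domain.lower()
    org_label = org_domain.split(".")[0]  # name part an impostor would copy
    findings = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        for target in rule.get("forward_to", []):
            dest = domain_of(target)
            if dest == org_domain or dest.endswith("." + org_domain):
                continue  # forwarding that stays inside the organization
            reasons = ["forwards outside " + org_domain]
            if dest in FREE_WEBMAIL:
                reasons.append("free webmail destination")
            if org_label in target.rsplit("@", 1)[0].lower():
                reasons.append("organization name embedded in external address")
            if rule.get("from_domain"):
                reasons.append("only mail from " + rule["from_domain"])
            severity = "HIGH" if len(reasons) >= 3 else "MEDIUM"
            findings.append((severity, rule["mailbox"], rule["name"], target, reasons))
    return findings

ORG = "selling-dealer.example"  # constructed domain
SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "salesmanager@" + ORG, "name": ".", "enabled": True,
     "from_domain": "buying-dealer.example",
     "forward_to": ["salesmanager.selling-dealer@gmail.com"]},
    {"mailbox": "service@" + ORG, "name": "Copy to parts desk", "enabled": True,
     "forward_to": ["parts@" + ORG]},
    {"mailbox": "owner@" + ORG, "name": "Accountant copy", "enabled": True,
     "forward_to": ["books@accounting-firm.example"]},
    {"mailbox": "intern@" + ORG, "name": "Old personal copy", "enabled": False,
     "forward_to": ["intern.personal@gmail.com"]},
]

if __name__ == "__main__":
    for severity, mailbox, name, target, reasons in audit_rules(SAMPLE_RULES, ORG):
        print(f"{severity:6} {mailbox} rule={name!r} -> {target}: {'; '.join(reasons)}")
```

Running the audit on a schedule and comparing against the previous run shows when a rule was added, which is the change that went unnoticed in this case.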
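The look-alike comparison in item 3 can be run mechanically over a list of candidate domains, either to decide which variants to register or to tag inbound mail. This is an added example, not from the original article: all domains are constructed, and the confusable pairs other than the article's "nn" for "m" are assumptions chosen for illustration.

```python
# Added example: classify candidate domains by visual similarity to an official one.
# All domains are constructed; CONFUSABLES is a small illustrative subset,
# not a complete homoglyph table.
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(label):
    """Collapse look-alike character sequences to one canonical form."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, official, max_edits=1):
    """Return 'official', 'tld-variant', 'confusable', 'typo' or 'unrelated'."""
    cand, off = candidate.lower(), official.lower()
    if cand == off:
        return "official"
    c_label = cand.partition(".")[0]
    o_label = off.partition(".")[0]
    if c_label == o_label:
        return "tld-variant"   # same name under a different extension
    if skeleton(c_label) == skeleton(o_label):
        return "confusable"    # reads the same at a glance, e.g. "nn" for "m"
    if edit_distance(c_label, o_label) <= max_edits:
        return "typo"          # e.g. one additional "r"
    return "unrelated"

OFFICIAL = "summitmotors.example"  # constructed domain
CANDIDATES = [                     # constructed sample data
    "summitmotors.example", "summitmotors.test", "sunnmitmotors.example",
    "sumrnitmotors.example", "summitmotorrs.example", "northsideauto.example",
]

if __name__ == "__main__":
    for domain in CANDIDATES:
        print(f"{domain:28} {classify(domain, OFFICIAL)}")
```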


Cybersecurity Attacks: Is Your Dealership Prepared?

How much of the above have you already been thinking about?

When it comes to keeping your dealership secure, there is a lot to consider. Monitoring services by forensic professionals, third-party contract review, email configuration changes monitored by IT, adding new software to monitor and regular training for your professionals are all key to creating and implementing a defensive strategy against any possible phishing attempts. White collar crime and rogue employee actions can happen every day. Discussing your cybersecurity options and level of preparedness is the first step to ensuring your business and team are ready.

Learn more about Withum’s expanded cybersecurity services, led by Matthew Ferrante. Should you have any questions or need any insight into your cybersecurity process, please fill out the form below.
