The US Internal Revenue Service (IRS) has issued an advisory warning of phishing campaigns targeting car dealerships. The IRS says car dealers should be on the lookout for targeted phishing attacks following a ransomware attack that hit a major auto sales software provider last month.
“In light of the recent ransomware attack aimed at car dealers, the IRS is warning individuals and businesses to remain vigilant against these attacks,” the IRS writes.
“Fraudsters and identity thieves attempt to trick the recipient into clicking a suspicious link, filling out personal and financial information or downloading a malware file onto their computer. Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic. The IRS urges car dealerships to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text if they are uncertain.”
The IRS says attackers may be using compromised email accounts belonging to entities that are trusted by dealerships. These emails can bypass security filters since they come from a trusted source, so dealerships should be wary of suspicious requests.
“In some cases, phishing emails appear to come from a legitimate sender or organization that has had their email account credentials stolen,” the advisory says.
“Setting up two-factor or multi-factor authentication with their email provider will reduce the risk of individuals having their email account compromised. Posing as a trusted organization, friend or family member remains a common way to target individuals and businesses for various scams. Individuals and businesses should verify the identity of the sender by using another communication method, for instance, calling a number they independently know to be accurate, not the number provided in the email or text.”
The IRS offers the following advice to help users avoid falling for these attacks:
- “Never respond to phishing or smishing or click on the URL link.
- “Don't open any attachments. They can contain malicious code that may infect the computer or mobile phone.
- “Don't click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS’ identity protection page.
- “Send the full email headers or forward the email as-is to phishing@irs.gov. Don't forward screenshots or scanned images of emails because this removes valuable information.
- “Delete the original email.”
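The advice to forward full headers rather than screenshots can be illustrated with an added example (not part of the IRS advisory or the original post). It parses a constructed message and pulls out fields a screenshot would lose: the sender-authentication verdicts, the earliest relay hop, and a Reply-To domain that differs from the From domain. All addresses, hosts and header values are made-up sample data, chosen to mirror the compromised-trusted-sender case where authentication passes.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and address is made up.
RAW = """\
Received: from mail.vendor.example (mail.vendor.example [203.0.113.25])
\tby mx.dealer.example with ESMTPS id abc123; Mon, 01 Jul 2024 10:02:11 -0400
Received: from [198.51.100.77] (unknown [198.51.100.77])
\tby mail.vendor.example with ESMTPSA id xyz789; Mon, 01 Jul 2024 10:02:09 -0400
Authentication-Results: mx.dealer.example; spf=pass smtp.mailfrom=vendor.example;
\tdkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example
From: "Vendor Billing" <billing@vendor.example>
Reply-To: <billing@vendor-payments.example>
To: <ap@dealer.example>
Subject: Updated payment instructions

See the updated instructions.
"""

def domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from the Authentication-Results header."""
    value = " ".join((msg.get("Authentication-Results") or "").split())
    results = {}
    for clause in value.split(";")[1:]:  # first clause is the authserv-id
        method, _, result = (clause.split() or [""])[0].partition("=")
        if method in ("spf", "dkim", "dmarc"):
            results[method] = result
    return results

def summarize(raw):
    """Summarize header evidence; Received headers are prepended, so the
    last one in the list is the earliest hop."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    return {
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        "reply_to_differs": bool(reply_dom) and reply_dom != from_dom,
        "auth": auth_results(msg),
        "first_hop": " ".join(hops[-1].split()) if hops else None,
    }

print(summarize(RAW))
```

In this sample SPF, DKIM and DMARC all pass, so the mismatched Reply-To and the first hop are the evidence that only the raw headers preserve.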
The IRS has the story.