Pub. 5 2024 Special Edition

AAuto dealerships are attractive targets for fraud and other cyber threats. Adopt the mindset of a tech-savvy criminal and it’s easy to see why — dealerships have sizeable deposit balances, make frequent high-dollar transactions (i.e., ACH, checks and wire transfers), and have numerous employees who use systems with sensitive customer data. Dealer management systems contain a treasure trove of information that hackers can sell or use to commit other crimes: social security numbers, bank account information, credit applications and scores, and insurance data. And auto dealers’ information technology systems often lack the latest firewalls, updates and security patches, giving criminals an easy path to cyber fraud. Given the sluggishness of digital security measures adoption, hackers know the odds of a successful cyberattack on a dealership are high. Roughly half (47%) of dealers surveyed lack confidence in their level of cybersecurity protection.1 Similarly, 46% said their dealership had experienced a cyberattack in 2023 that negatively impacted business operations or finances.2 With threats so prevalent, dealers must work to better understand the complex fraud and cyber threat landscape — and adopt proactive strategies to effectively mitigate their risk. UNDERSTAND THE VARIED THREAT LANDSCAPE Although many types of fraud pose risks for auto dealers, payments fraud is most common. Four out of five organizations reported an attempted or completed payments fraud in 2023 — a 15% increase from 2022.3 Of those, 65% involved checks, making checks the most fraud-prone form of payment. ACH debits were next at 33%, while fraudsters used wire transfers (24%), commercial credit cards (20%) and ACH credits (19%) somewhat less often. Business email compromise (BEC) is the primary source of attack for payments fraud.3 Relying on social engineering attacks, scammers trick employees into providing sensitive information, making fraudulent payments or opening email attachments that contain malware. Criminals can then enter a system and gain access to sensitive data or impersonate another member of an organization. Regularly review your online user entitlements to make sure rights are legitimate and appropriate. All users do not need access to everything, particularly personally identifiable information such as your customers’ social security numbers. Accounts payable and treasury teams are primary marks for BEC since they manage and approve outgoing payments. Others target legitimate, outsourced service providers or vendors to get into an organization’s systems or pose as a new vendor to obtain fraudulent payments. Synthetic fraud based on false identity is an increasing threat as well. Be Alert to Synthetic Fraud Synthetic fraud is on the rise at auto dealerships, up 38% in 2023.1 Criminals use stolen or “synthetic” identities to facilitate vehicle theft by securing approval for a loan in someone else’s name. Synthetic fraud combines information available for purchase with stolen or falsified documents to “prove” an identity. Don’t let today’s decisions lead to surprising repercussions. RECOGNIZE COMMON RISKS QUICKLY Auto dealers identified email phishing, including BEC, as the most prevalent cyber threat in 2023.1 Other top threats dealers experienced in 2023 included (in descending order): 1. Ransomware. 2. Infection by PC viruses and malware. 3. Theft of business data. 4. Criminals enter email and systems using stolen or weak passwords. Protect Your Dealership From Fraud and Cyber Threats Learn About the Latest Fraud and Cyber Threats, How To Defend Against Attacks and What To Do if You’re a Victim of Cybercrime By Lyubena Smith, CTP, Treasury Sales Manager and Pamela Garrison, Treasury Consultant for Truist Dealer Services, in partnership with Paula Mashburn, CPA, CFE, Partner with HHM CPA firm vada.com 21

RkJQdWJsaXNoZXIy MTg3NDExNQ==