The Industry's Leading Source For F&I, Sales And Technology

DP's Office

Alert: Phishing Scam Targets Agents

August 16, 2018

Actual examples of phishing emails sent to F&I agency personnel include links designed to give the sender access to saved messages and the ability to send requests for funds. Photos courtesy Central States Family of Companies
Actual examples of phishing emails sent to F&I agency personnel include links designed to give the sender access to saved messages and the ability to send requests for funds. Photos courtesy Central States Family of Companies

OMAHA, Neb. — Hackers are targeting F&I agencies, says Jeff Wanning, senior vice president of operations for the Central States Family of Companies, including four CSO-affiliated agencies in the past three weeks.

“We’re a little bit alarmed,” Wanning said. “I realize they may or not be targeting agencies specifically, but agents need to be aware of how to protect themselves.”

In several cases, the hack was initiated with an apparently official email request for “validation” of the recipient’s Microsoft Outlook account. If an agent or agency staff member were to click on the link within, the person behind the initial message could begin using their accounts to scan old messages for valuable data and send new messages to request funds.

“The first email we got actually made sense. They knew the vernacular. Up until the time they mentioned Hong Kong, we thought it was legit,” Wanning said, suggesting that agents invest whatever resources are needed to train staff against clicking on phishing messages. He said CSO relies on KnowBe4, one of several companies offering online training. “We require each of our employees to go through the 25-minute training module and the test at the end, and every month, the system sends fake scam emails, and we track who clicks on them.”

John Braganini of Great Lakes Companies confirmed his agency was among those affected by the recent wave of hacks. He said an IT expert found the Portage, Mich.-based company’s database was not compromised, possibly indicating a third party, such as Facebook, was the source of the breach.

“It looks like someone got into my contact directory and had been sending out emails, supposedly from me. They put my name into an email and sent an invoice to about 20,000 people,” Braganini said.

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email:  

CLOSE [X]

READ NEXT

F&I Dealer of the Year Nomination Period Extended to Aug. 24

Dealership employees, general agents, vendors, finance sources, and F&I product providers are encouraged to nominate their stores and dealer clients for F&I and Showroom's F&I Dealer of the Year award, sponsored by American Financial & Automotive Services Inc.