Pub. 17 2018-2019 Issue 1

N E W J E R S E Y C O A L I T I O N O F A U T O M O T I V E R E T A I L E R S 35 new jersey auto retailer W W W . N J C A R . O R G asked the controller to please send the wire transfer to a different account number. The controller obliged and proceeded to wire $251,000 to the new bank account. The money immediately disappeared. The entire incident took under two hours to complete. If your dealership hasn’t already been targeted in a similar incident, just wait. Auto dealers are prime targets for phishers because it’s not uncommon to wire large sums of money. The good news is that it’s relatively easy to prevent this type of phish- ing attack, if you take the time to educate your employees. There are four simple rules that, if followed, will keep your dealership secure. Rule #1: Don’t click on links sent to you in emails ANY link in ANY email is inherently dangerous. If a customer, ven- dor, supplier or anyone sends you a link do not click on it unless you were explicitly expecting it. If the link is to a website, do not use the link to navigate to that website. Open up your browser and manually navigate to the website by typing the company name in the URL bar. Rule #2: Look at the URL bar If you do use a link to navigate to a website, look at the URL bar. In the case above, had the salesperson looked, he would have not seen http://dropbox.com , but a random .org URL with a bunch of strange characters in it. Another thing youmaywant to consider is switching from theChrome browser to Microsoft Edge. MS Edge is a new browser that was built for Windows 10 and was designed with significant security improve- ments, such as blocking websites that it detects are phishing sites. Rule #3: Don’t give away your credentials The only time you should enter your email address, password, ac- count information or credit card number online is if you navigate directly to a website and login. NEVER email or message your in- formation to someone and don’t enter the information on a website that you’ve linked to through an email. Rule #4: Require verbal verification for all wire transfers You can email wiring instructions, but every wire transfer should require verbal verification over the phone before the money is sent. Once the money is wired, there is no way to get it back. In every scenario we’ve seen, a conversation would have immediately thwarted the attack. I highly recommend that all dealerships educate their employees about the four simple rules detailed in this article. Many employees aren’t aware of the threats that are out there and awareness is always the first step to prevention. Erik Nachbahr is President and Founder of Helion Automotive Technologies, a managed technology services provider for auto dealers, withmore than 25,000 computers under management across 650 dealerships and body shops. Erik can be reached at ENachbahr@heliontechnologies.com . Founded in 1927, Gallagher is the fourth largest insurance broker and risk management firm in the world and has been NJ CAR’s distribution partner for the NJ CAR Workers’ Compensation Program for over 15 years. Gallagher is a broker-friendly program manager that honors and protects broker/ client relationships and pays competitive commissions to participating brokers. Recognized by the Ethisphere Institute as one of the World’s Most Ethical Companies for six consecutive year. For more information about NJ CAR’s Workers’ Compensation Program or to obtain a quote, contact Pattie Collins, Area Senior Vice President at Ballagher, at 732.837.9150 (pattie_collins@ajg.com) .