How Can Social Engineering Hurt Your Dealership
October 28, 2021
Many manufactured home dealerships are falling victim to advanced social engineering attacks, which are more frequent now than they used to be. Although these attacks have become more sophisticated and use more advanced techniques, the reason for their prevalence is that social engineering tactics are relatively easy to implement. This can be especially risky for any business that collects and stores large amounts of sensitive customer information. Even with cyber liability coverage in place, there are a few things you need to know in order to protect yourself and your dealership from social engineering attacks.
How Social Engineering Works
Before you can proactively protect your business from social engineering attacks, you must first understand what social engineering is. In short, social engineering is the act of tricking people into divulging confidential information in order to gain access to data, computer systems, and/or buildings.
This is most often done by manipulating a negotiation or falsely befriending people until they feel comfortable enough to reveal information on their own. Usually, social engineering works because it is subtle and doesn't present itself as an outward attack on the security. What's more, there may not be any discernible red flags, which typically occur when hackers are trying to breach a security feature in your system. Instead, they are just waiting for someone to give them the password, so they can gain access to everything you have stored in your system.
Why You Need to Be Worried
Social engineering poses a variety of risks to small and large businesses alike. One of the best ways to protect your dealership and customers from the undesirable consequences of a social engineering attack is to be able to identify the most common types of attacks, such as:
- Phishing - Common phishing tactics include deceptive emails that claim to be from reputable or trusted sources. For example, an agent of yours may receive a phishing email that pretends to come from a bank. In order to verify his or her identity, the agent may be required to reply with his or her account number, full name, birth date, and social security number. In this case, the sender is trying to steal personal information.
- Vishing and Smishing - These two manipulative techniques involve the use of other communication methods, such as phone calls and text messages. As an example, a fraudster may contact your dealership pretending to be a customer. He or she will ask lots of questions, trying to get enough information to achieve his or her goal. To provide as many details as possible, your employees might unwittingly disclose confidential information.
- Pretexting - Sometimes, attackers use false identity and create different scenarios to trick victims into giving up information. One of your agents, for instance, may receive a call from a person pretending to be from the IRS. The caller may require passwords or bank information, which could then be used to make fraudulent purchases that may cost you a lot of money.
When it comes to consumer data, there is a separate set of concerns as well. As you may already know, cyber liability coverage is available to protect you and your dealership against data breaches. It can help you cover the costs of recovering data and securing your system once more. However, it can't fix the damage to your brand's reputation that typically results from a security breach. In addition, some policies only cover specific types of data breaches, and will not protect you if the bad actor obtained access through negligence on the part of your staff. Furthermore, some policies may not cover the third parties that may be providing IT services for your dealership. Thus, it is extremely important that you take the time to research cyber liability coverage in depth and determine which policy is best for your business.
With so much business being conducted online these days, it's easy to see why the practice of social engineering is becoming more frequent. Even if you're not familiar with the term, your dealership could be at risk of social engineering attacks, especially that increasing numbers of potential manufactured homebuyers are asking questions about manufactured homes and the financing options available. If your agents aren't prepared, they could let too much information slip out, arming potential attackers with the ability to manipulate future transactions or giving them access to information they shouldn't have.
Cyber liability insurance offers at least one source of security and protection against these types of attacks, but the best protection is always more education for you and your team members. It is extremely important that all agents understand what social engineering is and how it may be used against them online, over the phone, and in person. This is the only way to mitigate the risk to your dealership long term. For more details on how cyber liability insurance can protect your business from social engineering attacks, contact us here.