In the wake of the recent global CrowdStrike outage, cybercriminals are targeting automotive dealerships with sophisticated phishing attacks. They are creating counterfeit domain addresses that mimic CrowdStrike’s, deceiving dealers into believing they are communicating directly with the company.
Dealers should be aware that it only takes one employee misled by these fraudulent communications to open the door to a potential data breach at the dealership. Successful breaches can lead to ransomware attacks that seize control of dealership systems, denying access until a ransom is paid.
Dealership IT personnel should promptly block the identified counterfeit domains listed in the first link below (whether or not they are current users of CrowdStrike). They should also educate all employees about the red flags typically found in phishing emails.
Below are some resources for dealers to utilize:
- For a detailed breakdown of this attack, an example of a CrowdStrike phishing attack already identified, and to access an updated copy-and-paste list of the known fraudulent domains, click here.
- To RSVP for the upcoming NADA webinar on August 6, featuring Black Breach’s discussion for dealerships on cyber threats, the legal liabilities they pose, and FTC Safeguards compliance, click here.
- Other federal government resources related to the CrowdStrike outage are available here.