Internet threats in the Automotive Industry
Editor’s Note: The following press release was issued to us from Symantec. While we have no reported cases of phishing on Autoworld, there is no harm being a little vigilant and keeping ourselves aware of the latest ways people use to scam you of your money. We have, however, encountered cases of outright con postings on our Used Car section, which we have promptly removed.
Symantec State of Spam & Phishing: September Report has highlighted the following trend in the Automotive Industry:
Phishers Target Automotive Sales Brands
In the past couple of months, Symantec has observed phishing attacks on legitimate automotive sales brands that are based in the UK and the USA. These brands help customers to sell new and used vehicles such as cars and motorcycles. The legitimate websites also provide customers with the ability to advertise the vehicles they wish to sell.
There were several phishing sites created to harvest customers’ confidential information. The phishing sites were hosted on free Web hosting domains. In one of the phishing sites, the page stated that the brand was offering customers the opportunity to advertise for free.
The customer was required to complete an identity verification (that was fake) to take advantage of the free offer. The verification process prompted for the customer’s email address, the ad’s ID, and a security question with an answer. In this attack the fraudsters attempted to convince customers that the phishing page was authentic by providing the caption “We fight fraud for you!!” On the contrary – if customers fall victim to the phishing site, the fraudsters will have succeeded in stealing their identities.
A second phishing site stated that the customer’s account was being kept “on-hold” and that he or she had to sign in to re-activate the account. After login information is entered, the page redirects to the legitimate site.
Still other phishing sites using similar scams asked for confidential information, including the customer’s contact details and credit card details. These particular phishing sites stated that the information was required to make a payment towards purchasing the vehicle that had been selected by the customer. The contact details requested included the customer’s name, address, phone number, and email address. The credit card details included the credit card number, card expiration date, and security code. The primary motive behind these phishing attacks was financial gain.
Symantec security checklist: Protecting your business, your employees and your customers:
Do:
• Unsubscribe from legitimate mailings that you no longer want to receive. When signing up to receive mail, verify what additional items you are opting into at the same time. De-select items you do not want to receive.
• Be selective about the Web sites where you register your email address.
• Avoid publishing your email address on the Internet. Consider alternate options – for example, use a separate address when signing up for mailing lists, get multiple addresses for multiple purposes, or look into disposable address services.
• Delete all spam.
• Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed websites. We suggest typing web addresses directly in to the browser rather than relying upon links within your messages.
• Always be sure that your operating system is up-to-date with the latest updates, and employ
a comprehensive security suite. For details on Symantec’s offerings of protection visit http://www.symantec.com.
• Consider a reputable antispam solution to handle filtering across your entire organization such as Symantec Brightmail messaging security family of solutions.
• Keep up to date on recent spam trends by visiting the Symantec State of Spam site which is located here.
Do Not:
• Open unknown email attachments. These attachments could infect your computer.
• Reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
• Fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details via email. When in doubt, contact the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
• Buy products or services from spam messages.
• Open spam messages.
• Forward any virus warnings that you receive through email. These are often hoaxes.
