Identity Theft: Real or just in the movies?

Identity theft isn’t just a good movie plot. It’s a real threat to you and the other employees in your dealership. Once upon a time, technical attacks were a dealership’s biggest foe. But more and more, cybercriminals rely on stolen identities to gain access to an organization’s systems. In fact, 80 percent of attacks involved compromised identity or credentials.  Here are the common identity-based attacks that could be threatening your dealership:

Broad-based phishing

Phishing is the most common cybercrime occurring right now. The main characteristic of a broad-based attack is the attacker’s use of a large list of email addresses. The attacker will send a generic phishing email to everyone at once, directing the recipients to a fake login page. All the attacker needs is a few recipients to hand over their login credentials, leaving sensitive data vulnerable.

Spear-phishing

Contrary to the wide net broad-based attacks cast, spear-phishing targets specific individuals. Cybercriminals do in-depth internet research to find their next target. They’ll find personal and professional information about you and use that to create a highly personalized email. It may reference your exact role at the dealership or a recent trip you took. These details are aimed to throw you off and gain your trust. As with all phishing emails, the ultimate goal is to trick users into inputting their credentials into a malicious login page.

Credential stuffing

Humans are creatures of habit, and cybercriminals know that. Many of us are guilty of reusing the same passwords for multiple accounts. For this method of attack, the perpetrator will find credentials from a different data breach and test it on the login for your other accounts. Remember to refresh those passwords and make sure you have a unique password for each of your different accounts!

Password spraying

Maybe you have a different password for every account, but is each one 100% unique and complex? Probably not. Many people still opt for simple, easy to remember passwords even if they are unique. A password spraying attack exploits the common tendency to have easy-to-guess, simple passwords. The attacker uses relevant information to guess likely passwords. Then using automation, they apply one password to every username until one works. This also helps them avoid detection and trigger lockout policies.

With new threats appearing every day and the growth of identity-based attacks, account and password security is as crucial as ever. The key to reducing risk is to use a multi-layered approach. By using multiple security techniques, you can ensure your dealership has the best chance of warding off an attack. The layers include:

Implementing strong passwords

Ask yourself two easy questions: Is your password guessable? Is it used for more than one account? If you answered yes to either of these questions, then it’s time for a new password. If remembering intricate passwords is a concern, use a password manager.

Use multi-factor authentication (MFA)

MFA requires you to provide a second form of authentication when signing in to your accounts. This could include biometric data or a one-time passcode. In the off chance your credentials are stolen, the attacker will be stopped short then they don’t have the MFA code.

By improving your security, you’ll become a cybercriminal’s worst nightmare. Threats are evolving constantly, so it’s up to you to remain vigilant to protect against identity-based attacks. The threat of a modern cyberattack is very real, but with the right tools and the best security team, you can keep on with business as usual.