Amazon gone wrong: A breach story

You LOVE Amazon. And so do approximately 200 million other people. Now what could that possibly have to do with your dealership?

Imagine an average dealership employee, Gary, going about an ordinary Wednesday morning in the F&I office. Gary takes a quick break and decides to do a bit perusing of Amazon on his work computer. Gary looks at the sales, scopes out some possible Christmas presents, and to help with quick access, he saves his login information to automatically sign him in next time.

Fast forward two weeks. Gary was sent a normal-looking email from Microsoft about email account updates for his work inbox. He makes them promptly and then goes about his day. Unfortunately, that email wasn’t really from Microsoft, it was a phishing email. And Gary has just given a cyber-attacker all the information they need to compromise his computer. With access to Gary’s work email, the attacker begins to watch the correspondence coming in and out of his inbox. Because Gary has saved personal information on this computer, the attacker finds he now has the ability to saunter into Gary’s Amazon account. He weasels his way in and manages to purchase roughly $3,000 in Amazon gift cards, making sure to delete the order notification the moment it arrived. All on Gary, of course.

While this action is mainly devastating to Gary, the attacker now also has the ability to impersonate him in order to gain access to even more employee inboxes through the dealership network, all without Gary’s knowledge. The attacker could infect anyone’s work computer with malware or ransomware that, within hours, could spread to all of the devices within the company. This risks putting highly sensitive information about employers, coworkers, and customers into the wrong hands.

While it may feel harmless to keep personal information and accounts on work devices, it can also be incredibly risky. Gary’s personal finances were impacted due to an issue on his work PC, and he may blame the dealership for this. If he hadn’t stored his Amazon data at work, his $3,000 gift card fiasco could have been avoided. In order to ensure data protection is at its strongest, make sure personal transactions and activities remain just that, personal. And if you feel like you may want some guidance on avoiding this scenario, reach out to us. Not only will your future-self thank you later, but so will your dealership.