Phishing Scams Target Automotive Sales Brands
Over the past couple months, cybercrooks have been launching phishing attacks on legitimate automotive sales companies based in the U.S. and the UK, according to security firm Symantec Corp.
These legitimate companies, which sell new and used vehicles including cars and motorbikes, also let customers advertise vehicles they wish to sell, according to a blog post on the Symantec website.
The cybercriminals created several phishing sites designed to harvest customers’ confidential information, according to Symantec employee Mathew Maniyara. Phishing is a process used by cybercriminals to acquire a user’s personal information by pretending to be a trustworthy entity.
Maniyara said one of the phishing sites said the company was offering customers the opportunity to advertise for free. In order to take advantage of the offer, a customer was then required to enter his personal information including email address, the ad’s ID and a security question with its answer. However, entering personal information would put the customer at risk for fraud.
Maniyara said in this particular attack the fraudsters even tried to convince customers that the phishing page was authentic by providing the caption: “We fight fraud for you.”
“On the contrary, if customers fall victim to the phishing site, the fraudsters will have succeeded in stealing their identities,” Maniyara said in the blog post.
Another phishing site told the customer his account was being kept “on-hold” and asked that he sign in to reactivate the account, Maniyara said. But after the login information was entered and captured by the criminals, the page redirected the customer back to the legitimate site.
Maniyara warned that other phishing sites using similar scams asked for confidential information, including the customer’s contact details and credit card details so the customer could make a payment toward purchasing a vehicle that he had selected. The cybercriminals asked for the customer’s name, address, phone number, and email address as well as his credit card number, card expiration date, and security code.
“The primary motive behind these phishing attacks was financial gain,” Maniyara said.
Here are some basic tips for avoiding online scams:
- Do not click on suspicious links in email messages.
- Check the URL (address) of the website and make sure that it belongs to the company.
- Type the website address of a company directly into your browser’s address bar rather than following any link.
Experts also suggest you frequently update your security software, which protects you from online phishing attacks.
