IRS warns car dealers of phishing blitz after data breach

The Internal Revenue Service has issued a warning to dealers and car buyers urging them to stay vigilant against scams and phishing attempts after the CDK Global DMS breach.

Why this matters: This marks the latest sign of heightened awareness over automotive cybersecurity, following a sharp increase in the number of attacks targeting the sector. With the safety of both businesses and consumers on the line, it will take an industry-wide effort to address the rising threat. 

What types of threats do dealers face?

In a post on its website, the IRS said it has seen a “barrage of email and text scams targeting businesses and individual taxpayers.” 

Dealerships should be especially cautious of two types of scams: phishing and smishing.

Phishing is when a scammer poses as a representative from an actual organization, typically via email. These attempts were especially prevalent in recent weeks when dealers received a wave of emails from bad actors pretending to work for CDK Global, resulting in at least one case of stolen data.

Smishing is usually accomplished via text and refers to scam messages that try to scare the recipient into revealing private information. For example, the text may say that a car dealer’s account was locked due to suspicious activity. In some cases, recipients may even be asked to call a phone number to restore access, where they will be asked “security questions” tailored to obtain the actual account information.

What does the IRS recommend?

To protect themselves, the IRS urges dealers to take the following steps:

• Don’t answer phishing or smishing attempts, or click on url links in these messages.

• Don’t open attachments in suspicious emails.

• Do delete emails that may be scams, and forward the address or email header to [email protected].

More awareness: The automotive community is becoming more aware of the risks associated with poor cybersecurity, especially in light of recent events. A study published by CDK Global earlier this year found that 89% of dealers were more worried about their digital safety than last year, 12% more than in 2023.

But heightened awareness can only do so much without effective defense mechanisms, features that the industry seems to be lacking. Only 37% of dealers in CDK’s study felt current cybersecurity solutions were effective, representing a decrease of 21% from 2021.

Bottom line: The more dealers are aware of how scammers function, the better they can protect themselves and their customers. But keeping the industry safe will take a concerted effort from all parties involved, making it essential for vendors, automakers, and suppliers to take the threat seriously.

Become an automotive insider in just 5 minutes.

Get the weekly email that delivers transparent insights into the car market.

Join 70,000 others now, it's free:

Thinking about buying a used car? Bumper.com's vehicle history reports can give you essential information about a vehicle's past, including damage history and title history.

Plus, you can find the estimated market value of a vehicle to help ensure you're getting a fair deal.

Visit Bumper.com to explore our reports and help ensure you have the information necessary to make a well-informed purchase.

Avoid unexpected surprises and shop smarter with Bumper.com. Search for the details you need to confidently find your next vehicle.