Skip to main content

Taxes

IRS Warns Car Dealers and Sellers About Phishing Scams

A recent ransomware attack that impacted car dealerships prompted the IRS to alert vehicle dealers and sellers about these schemes.

The IRS on July 11 reminded car dealers and sellers to be aware of evolving phishing and smishing scams that could impact day-to-day operations of the business.

Last month, CDK Global, a key supplier of specialized software systems for vehicle sales and service, fell victim to a massive ransomware cyberattack. The programs many car dealers use to manage inventory, chalk up sales, register new vehicles, and perform other essential tasks were abruptly halted.

Hackers affiliated with a Russia-based criminal operation called BlackSuit reportedly took over CDK’s systems and demanded tens of millions of dollars to relinquish control. The cyberattack went on for several days before CDK could even start to restore its service.

As this was happening, car dealers had to scramble, resorting to paper and pen to record vehicle orders by hand and relying on workarounds for everything from insurance and financing to service and repairs. The disruption resulted in long delays and lost orders.

In light of the recent ransomware attack, the IRS is warning car dealerships and their employees to remain vigilant against these attacks. Fraudsters and identity thieves attempt to trick the recipient into clicking a suspicious link, filling out personal and financial information, or downloading a malware file onto their computer.

“Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic,” the agency said in a media release. “The IRS urges car dealerships to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text if they are uncertain.”

Car dealerships should be alert to fake communications posing as legitimate organizations. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims to provide valuable information that can lead to identity theft or malicious malware installed on computer systems, the IRS said. There are two main types:

  • Phishing: An email sent by fraudsters claiming to come from a legitimate source. The email lures the victims into the scam with a variety of ruses such as enticing victims to provide sensitive information.
  • Smishing: A text or smartphone SMS message where scammers often use alarming language such as, “Your account has now been put on hold,” or “Unusual Activity Report,” with a bogus “Solutions” link to restore the recipient’s account.

Never click on any unsolicited communication as it may surreptitiously load malware. It may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.

In some cases, phishing emails appear to come from a legitimate sender or organization that has had their email account credentials stolen. Setting up two-factor or multifactor authentication with their email provider will reduce the risk of individuals having their email account compromised, the IRS said.

Posing as a trusted organization, friend, or family member remains a common way to target individuals and businesses for various scams. Individuals and businesses should verify the identity of the sender by using another communication method, for instance, calling a number they independently know to be accurate, not the number provided in the email or text.

What to do

  • Never respond to phishing or smishing or click on the URL link.
  • Don’t open any attachments. They can contain malicious code that may infect the computer or mobile phone.
  • Don’t click on any links. If a taxpayer inadvertently clicked on links in a suspicious email or website and entered confidential information, visit the IRS’s identity protection page.
  • Send the full email headers or forward the email as-is to phishing@irs.gov. Don’t forward screenshots or scanned images of emails because this removes valuable information.
  • Delete the original email.