TIMONIUM, Md.—The biggest threat to a dealership, according to Helion Automotive Technologies, is its employees. And according to the firm, hackers are targeting dealerships and their accounting and F&I departments.

Helion claims that international crime organizations are using targeted email scams that are designed to trick employees into performing actions that will result in their dealerships becoming vulnerable to an attack.

“The increase in the number of organized attacks in the last year is astounding, and auto dealers need to be on alert,” said Erik Nachbahr, president of Helion. “In addition to the volume of attacks, the level of sophistication and research involved is frightening.”

Hackers who break through dealership networks have the ability to gain access to dealership login credentials, dealership and customer bank account and routing numbers, and other private customer information, according to the company.

Helion provided an example of an actual incident:

A virus was downloaded in an email attachment onto the F&I Manager's computer. The virus tracked every website visited and every keystroke. Hackers were able to use the information to login into credit bureau sites and extract credit reports for more than 200 customers before they were caught. This incident ultimately cost the dealer more than $150,000.

According to Helion, security software and firewalls can’t stop an attack like this because the attack originates from an employee email. These email attacks are targeted and are designed to look as if it were sent from within the organization.

These attacks are called spear phishing attacks and to prevent them, Nachbahr recommends that dealerships verbally verify all requests for wire transfers. He also recommends dealerships have a cyber-liability insurance policy in place. Employees should be trained on cyber warfare tactics, he said, and all software patches should be regularly updated.

Helion Automotive Technologies is an information technology (IT) provider for dealerships.