Safeguarding Dealerships Against AI-Driven Cyber Threats

By Bryan Sevener, President/CEO, ValorTech

In this post,  we feature an article by our partner, ValorTech. ValorTech is one of our partners for Managed Detection and Response services and also offers a full suite of Information Technology products and services. In this article by ValorTech’s President and CEO, Bryan Sevener, you will learn how AI is being used by cyber criminals to make phishing attacks increasingly more difficult to detect and what dealerships can do to best protect against these threats.

In today’s digital world, the rise of artificial intelligence (AI) has brought about tremendous advancements in automation, customer service, and even marketing. But alongside these benefits, AI has also armed cybercriminals with tools to create increasingly realistic and sophisticated phishing emails, voice calls, and even deepfake videos. Dealerships, which handle large volumes of financial and personal data, are becoming prime targets for these AI-driven attacks. The threat is real, and dealerships must take proactive measures to safeguard themselves from the risks posed by this new wave of cybercrime.

AI-Powered Phishing Emails: Sophisticated and Deceptive

AI is capable of generating highly convincing phishing emails that mimic legitimate correspondence from vendors, customers, or even internal staff. These emails can be personalized using data harvested from social media profiles or previous breaches. They might look exactly like a message from a trusted business partner, complete with familiar logos, styles, and even the tone of writing used by real employees. The intention is to trick the recipient into clicking on a malicious link or divulging sensitive information, such as passwords or financial details.

In a dealership setting, these emails might request payment details for a “pending order” or ask an employee to log into a fake platform to “verify customer information.” Once the attacker gains access to the dealership’s systems, they can steal customer data, reroute payments, or even install ransomware.

AI-Generated Voice Calls: Impersonating Trust

Beyond emails, AI is also being leveraged to create convincing voice calls. Using AI-powered voice synthesis, cybercriminals can mimic the voice of a company executive or a trusted partner. These calls are often used in what’s known as a Business Email Compromise (BEC) scam, where the attacker impersonates a high-level manager, instructing employees to transfer funds or reveal confidential data.

Imagine a dealership employee receiving a phone call from someone who sounds exactly like their regional manager, urgently requesting a wire transfer to finalize a big deal. Without the proper verification procedures in place, it’s easy to see how an employee might comply, potentially leading to significant financial losses.

Deepfake Videos: A New Frontier for Deception

AI’s ability to create deepfake videos, where individuals’ faces and voices are convincingly superimposed on another person’s body, is opening another front for cybercrime. While deepfakes were initially used to manipulate entertainment content, they’re now being weaponized to deceive businesses.

In a dealership, a deepfake video could be used to impersonate a company executive or an external partner, instructing staff to carry out fraudulent activities. These videos could be part of a highly coordinated attack designed to gain trust and manipulate employees into making critical errors.

How Dealerships Can Defend Against AI-Driven Attacks

As cybercriminals increasingly turn to AI to enhance their attacks, dealerships must also adopt modern cybersecurity strategies. Here are some practical steps dealerships can take to mitigate the risk:

1. Cybersecurity Training and Awareness

The first line of defense is an informed staff. Dealerships should regularly train employees on how to spot phishing attempts, suspicious emails, and fraudulent phone calls. Training should also include the dangers of deepfakes and how they might be used in a social engineering attack. Creating a culture of skepticism—where employees know to verify unexpected requests through alternative channels—can be highly effective.

2. Implementing Multi-Factor Authentication (MFA)

Multi-factor authentication is one of the most effective ways to prevent unauthorized access to sensitive systems. Even if a phishing email successfully captures login credentials, MFA requires additional verification, such as a text message or authentication app, which blocks unauthorized access.

3. Use of AI in Security

AI isn’t only a tool for attackers—it can be a powerful asset for defenders too. Dealerships should invest in AI-powered cybersecurity solutions that monitor for unusual behavior, flag suspicious communications, and detect potential phishing attempts in real-time. These solutions can analyze patterns that may go unnoticed by human employees, providing an additional layer of protection.

4. Robust Verification Protocols

Establishing strict verification protocols can help mitigate the risk of voice- and video-based scams. For example, employees should be required to verify any financial transactions or sensitive requests through multiple communication channels. If a manager requests a wire transfer via phone, a follow-up email or in-person verification should be mandatory.

5. Data Encryption and Network Security

Encrypting sensitive customer and financial data is critical to ensuring that, even if systems are compromised, stolen information remains unreadable. Strong network security, including firewalls, intrusion detection systems, and regular security audits, should be part of every dealership’s cybersecurity framework.

6. Partnering with Cybersecurity Experts

Given the increasing complexity of AI-driven attacks, it can be beneficial for dealerships to partner with cybersecurity firms that specialize in defending against these types of threats. Managed IT services providers can monitor for suspicious activity, ensure software and security protocols are up-to-date, and provide rapid response in the event of an attack.

Proactive Protection in the Age of AI

As AI continues to evolve, so too will the cyber threats that target businesses, including dealerships. While the technology behind phishing emails, voice calls, and deepfake videos is becoming more advanced, dealerships don’t have to be helpless. By implementing information and cybersecurity best practices, leveraging AI-powered defense tools, and fostering a culture of caution and verification, dealerships can stay ahead of these sophisticated attacks. In a world where AI-driven threats are only set to grow, vigilance and preparedness are key.

Accelerate2Compliance can help you build an information security program that grows with you and the emerging threats your dealership faces. Contact A2C at 844-637-5511 or [email protected] to discuss how their Managed Detection and Response products and Anti-phishing simulation training can help you address this emerging threat.