Accredited Member

Let’s Talk 02 9058 5838

Suite 2.11, 11-13 Solent Circuit Norwest NSW 2153

pexels-pixabay-60504

Car dealerships targeted by cyber attacks as troubling industry trend emerges

Experts are advising that cyber security should be a focal point for the car industry as scammers are getting more sophisticated at deceiving buyers.

Cyber security is a big threat facing the car industry, a leading industry body said, as key car makers have been hit by hackers in recent months.

James Voortman, CEO of the Australian Automotive Dealers Association (AADA) said that cyber security will be on the agenda at the forthcoming 2024 Convention and Expo later in July.

“It’s a massive issue for the whole economy, but if you think of dealers – we’ve got information on the people who buy cars from us, we’ve got information on their vehicles, on the finance and insurance process, sensitive information and pretty sort of prized information for hackers,” he told the publication Drive.

 “We’ve seen quite a few public companies [globally] full victim. We’ve seen our biggest public company, Eagers, get hacked. Nissan had an incident too. There have been a number of other ones that don’t necessarily make the news.

“There’s a real effort to try and introduce this cyber security consciousness into our industry.”

Convention Director Patrick Tessier OAM said the problem is widespread in the car industry.

“James gave you one example, I could probably give you 10, where there’s dealers who are battling fraud, change of invoice details, customers getting information that doesn’t come from them, and how do they protect themselves inside their systems from that.”

The convention aims to inform goers of cyber security issues, educate dealers and staff on how to handle legal data and their obligations to customers, how to protect themselves and what risks there are.

Another topic that will be discussed is what problems hackers will present beyond the retail level, but also through the increasing connectivity available in our cars.

“It’s definitely on the horizon,” Mr Voortman said. “The ability is there to do it. And obviously in the US they’re having an inquiry into the security of Chinese vehicles over that whole issue.”

Japanese car manufacturer Nissan was a victim of cyber criminals in December last year. A notice published on the Nissan Australia website at the time confirmed they had suffered a “cyber incident” and warned customers that their data may have been compromised.

The online attack impacted Nissan’s systems in Australia and New Zealand and affected as many as 100,000 customers.

Of those that were impacted, it’s believed that up to 10,000 people had their government identifications jeopardised. Approximately 7,500 driver’s licenses, 4,000 Medicare cards, 1,300 tax file numbers and 220 passports were compromised.

The remainder of those affected were said to have had their personal loan-related information accessed including bank statements, payslips, and other details like their date of birth.

In May this year, Nissan confirmed that the third-party call centre it allocated to handle the first cyber incident had also suffered a data breach.

From information posted on the Nissan Australia website in May 2024, Nissan outsourced the task of creating an external call centre dedicated to helping manage customer enquiries to the company OracleCMS.

Conversely, on the 15th of April this year, OracleCMS were made aware that its systems were breached in a separate cyber-attack.

There were isolated incidents involving hackers intercepting invoices from car companies and replacing the bank details for car payments to be made to with their own details.

A Melbourne couple inadvertently paid $139,000 to scammers after cyber criminals altered their invoice from Mercedes-Benz Australia for the purchase of their GLE 400.

Instead of the payments going to Mercedes-Benz, the money was transferred into the account of the hackers. The matter has been taken to the Victorian County Court to decide who is liable—the couple or Mercedes-Benz.

Australians are being advised to check payment details directly with a business before paying an emailed invoice, following a rise in losses due to payment redirection scams.

In 2023, Australians reported losing $16.2 million to payment redirection scams. While the total number of reports to Scamwatch decreased by 28 per cent, the total amount lost went up by three per cent, demonstrating that Australians lost significantly more money per scam last year compared to 2022.

“Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses,” Deputy Chair of the Australian Competition and Consumer Commission (ACCC), Catriona Lowe, said.

 “These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer.

“This scam is hard to detect because the scammer will either hack into the email system of the business or impersonate the business’ email address by changing as little as one letter.”

Industries that are most frequently targeted by this scam are those that regularly deal with large transfers of money including real estate, legal and construction sectors however Scamwatch is increasingly receiving reports that car dealerships and their customers have been targeted.

request-quote-icon-blueRequest a Quote

Simply fill out your details below in order to request a quote from us. We will be in contact with you shortly after.

Our Main Financiers Include