The dealer brought in a tech security expert who helped Shepley set up the proper firewalls and proper data precautions. Additionally, all employees received training. Strict login regulations are enforced, including strong passwords.
But one of the challenges the dealer came across is the paper trail that can be left behind via check payments or other miscellaneous customer information that remains in paper form.
To help avoid problems, Shepley does not store social security or driver license information, according to Howell.
At r.k. Miles, the four-unit dealer based in Manchester, Vt., the IT team has witnessed a significant increase in the plausibility of fraudulent emails; a sign that the crooks keep getting better.
“We’ve been hit with malware, viruses, phishing—it’s getting pretty realistic,” says Lisa Wessner, IT manager at r.k. Miles. “We’ve seen perfect shots of a Pay- Pal screen or credit card company—and if I’m getting these emails that means 100 other people in the company could be receiving these emails.”
While r.k. Miles’ customers can access account info online, there is no exchange of funds as customers are actually interfacing with a server in California—not r.k. Miles’ server.
Threats Close to Home
The most consistent area of vulnerability Tracey Richardson sees is customer transactions and account takeovers. Richardson, vp of credit risk management at BlueTarp Financial, says fraudulent orders are typically placed online and not in person by someone who has gradually taken steps to take over someone else’s account.
Typically it’s someone affiliated with a business—perhaps a disgruntled employee— that is familiar with how their boss buys products. They know how to access the account and a particular dealer.
The gradual takeover is accomplished during a short period of time—adding themselves as a contact to the account, adding their phone number or changing the address of the business. “In a few steps they have taken over the identity of the business,” Richardson says.
Once credibility has been gained, buying goods that can be liquidated fast is usually the next step—work clothes, generators, compressors, high-end tools—all products that can be moved fast and delivered to a fake address.
In other instances, BlueTarp has witnessed criminals taking the name of a valid company and borrowing it.