Scam Alert

Scam Alert: Hacker Uses Email Rules To Bypass Sales Manager

An NHADA member has reported the use of email rules as part of an attempt to intercept a sale of a high-end vehicle. The instance occurred last week when a hacker got into our member's GoDaddy control panel. In the settings, they set up 10 rules that resembled:

When a new message arrives that meets the condition:

[From] is: [Customer Name]

Do the following:

[Move to Folder]: Archive

Because of these rules, the Sales Manager never saw the email correspondence with the customer; this ultimately let the impersonator act as said Sales Manager. 

The impersonator proceeded to switch the bank which the payment was to be wired to—ultimately collecting payment. Thankfully the fraudulent activity was detected and the sale was completed as planned.

Please let this be an important reminder to avoid a scenario like this by:

  • Contacting your email provider to enhance your level of security, preferably to the top tier.
  • Periodically checking your email "rules" — if you are in the midst of an important sale and you stop receiving emails from the customer, this is a good tip-off that something could be going wrong.
  • Contacting your IT provider to further enhance your security.
  • Enrolling your staff in an Automated Security Awareness program such as KnowBe4. Training like this could prevent potential disasters.