AUTOMOBILE DEALERSHIPS

Accounting & Cybersecurity Fraud in The Auto Dealership

25 October 2021

On October 22, 2021 O’Connor & Drew, P.C. and OCD Tech Principals Frank O’Brien and Michael Hammond presented at The Connecticut Automobile Retailers Association Seminar on Dealership Fraud Prevention focusing on Accounting Fraud and Cyber Fraud respectively.

“Typically we’ve found over the years that the 70% rule applies,” says Frank O’Brien.  “Roughly 30% of employees are honest, 30% are dishonest, and 40% have the capability of being dishonest if given the right circumstances.  TTherefore, we have to do our best to not provide those employees the right circumstances or opportunity to commit fraud in the first place.”

This is done by ensuring that a dealership has strong internal controls, involved Management with the correct amount of authority, and for dealers to not rely on trust alone.  In his presentation found here, Frank outlines common fraud schemes and how to prevent them from happening.  Frank has been in charge of the Fraud / Forensic Accounting practice at O’Connor & Drew, P.C. for more than 20 years.  He leads a team of in-house experts on fraud and dealership operations and the firm services more than 300 dealership clients

accounting and cyber fraud

The key to a great cyber defense is a great cyber offense.  Cyber criminals do not discriminate in terms of who they attack.  They often go for the easiest target rather than the largest one and their methods of attack are the same as they were pre-pandemic. 

Primarily, hackers try to comprise your network through phishing emails by trying to entice employees to click on fraudulent links.  Another way is through gaining access to unsecured networks.  “Hackers do not even have to be onsite to break onto your network,” says Michael Hammond.  “They could be in range at the coffee shop across the street.  Oftentimes, they gain access to your guest Wi-Fi network and through misconfiguration can then access your production network.”

Michael’s full presentation, which can be found here also describes OCD Tech’s password cracking methods and how they utilize regular store bought computer equipment to easily crack passwords less than 14 characters long within 2 weeks.  In addition, Michael gave dealers a glimpse into the tools that threat actors use to locate email addresses and other employee information to attempt to pose as familiar faces to trick employees into providing them with sensitive information.

OCD Tech has grown exponentially year over year since its inception and currently employs more than thirty (30) IT Audit and Cybersecurity professionals catering to clients across a multitude of industries including but not limited to Auto Dealerships, Financial Institutions, Fortune 500 companies, and not-for-profits.      

Want new articles before they get published? Subscribe to our Dealer Details Newsletter.