Cyberattacks are on the rise for small and mid-sized businesses.

Help your dealership mitigate cyberattacks by recognizing malicious attempts to infiltrate your business and software.

The last two years have seen a significant uptick in cyberattacks, as criminals took advantage of the rapid digital transformation to exploit gaps and weaknesses in online security. Cyberattacks reached an all-time high in Q4 of 2021 (1). Now in Q1 of 2022, cybersecurity continues to be one of the biggest concerns for businesses.

The ARI team is rolling out resources to help business owners and employees mitigate cyberattacks. Our 2021 cybersecurity guide revealed the five most common email scams and how to avoid them. Now we’re addressing some new (and more niche) scams that are affecting individuals and businesses alike.

Here are three ways cybercriminals may try to take advantage of you – and how you can stop them:

Unsafe Email Attachments

You may already know not to open an attachment that ends in “.exe,” but did you know that PDFs and Word documents can be unsafe, too? Attachments sent from cybercriminals could cause your computer and networks to be compromised, hacked or full of ransomware.

Signs an email attachment is unsafe to open:

  • You received it unexpectedly. If you weren’t anticipating an attachment from a coworker or vendor, don’t touch it unless you can verify it’s safe.
  • You don’t recognize the sender. If the email was sent by a person or business you don’t recognize, be wary of its contents. Unless you’ve recently interacted with the other party or signed up to receive their email content, don’t trust the email and don’t click on the attachment.
  • The email address is incorrect. Cybercriminals may try to imitate a person or brand you know to deceive you, but they can’t completely replicate a credible email address. Doublecheck the “from” email to ensure its correct.

If you received an email attachment from someone you know but weren’t expecting, contact them by phone or in person to verify the email is legitimate.

RULE OF THUMB: Never open an email attachment if you don’t know who sent it or why you received it.

QuickBooks Payment Scams

Many small and mid-sized businesses use QuickBooks by Intuit to manage their accounting and send invoices via email. Cybercriminals have recognized QuickBooks’s popularity and are using it to send BEC scams – they pose as a vendor and send a fake invoice to con you into sending them money. They may also require you to use ACH (automated clearing house) method, in which you include your business’ bank account information.

Invoices sent to your email from QuickBooks will arrive from If the legitimate domain is not listed, or the QuickBooks invoice is sent from the vendor, the email is likely fake.

REMEMBER: Don’t interact with an email if you don’t recognize the sender.

Phone-Based Scams

If your dealership’s phone number is listed publicly, such as on a digital ad, print ad or your website, cybercriminals may use it to contact you pretending to be a prospect. Then, they could send you a Google authentication code and ask you to send them the code as proof you’re a legitimate business and not a scam (ironic, isn’t it?). The code allows them to use your phone number to create a Google Voice account.

Google Voice is a service that provides virtual phone numbers, and an account must be linked to a real phone number to trace activity back to the user. Cybercriminals can then use their Google Voice number to anonymously run other phone-based scams. Having the authentication code could also give them access to your Google account.

To prevent these scams, encourage wary prospects to call or visit your business if they want to confirm your legitimacy. Never share an authentication code with another person.

Maintain Constant Vigilance

Double- and triple-checking your emails and customer interactions can seem tedious, but it’s far better than falling victim to a cyber scam. Cybercriminals are always finding new ways to manipulate technology, but one thing they can’t undermine is a vigilant employee. You are your dealership’s strongest security defense, which is why it’s crucial to remain aware of and up to date on cyberattack strategies.

Remember, you’re not alone in protecting your business from cyberattacks. Connect with ARI today if you would like to speak with our digital experts for tips to strengthen your cybersecurity.


(1) Forbes