Social Engineering

Social engineering in a security context is the manipulation of people into performing actions or divulging confidential information. In dealerships, this can occur if someone pretends to be a legitimate party (like a fellow employee, a vendor, or even a customer) to trick staff. For example, an attacker might call the accounting office claiming to be from the dealership’s bank and request account passwords, or pose as an IT technician to get access to the DMS. Social engineering bypasses technical security by exploiting human trust or authority. Canadian dealerships combat this by training employees to verify identities and requests (like calling back known contacts or checking with a manager) before sharing sensitive info or granting access. Recognizing techniques such as pretexting, baiting, or tailgating (physically following someone into a restricted area) is part of maintaining a secure environment.