CDK Global Warns About Phishing Scams As Outage Continues For Dealerships

A pair of cyberattacks against software maker CDK continues to impact thousands of car dealerships and has spurred threat actors to launch impersonation attacks.

The CDK Global outage affecting thousands of car dealerships continued Friday, while the attempts to recover from cyberattacks earlier this week were compounded by reported impersonation scams targeting dealership staff.

While CDK did not immediately respond to a request for comment Friday, a phone number set up by CDK played a recorded message referencing the phishing scams. Attackers have been posing as representatives of CDK or its affiliates, the company said in the message, which was heard by CRN Friday afternoon EST.

“Do not provide sensitive information such as passwords or provide system access under any circumstances,” the recorded message warned.

[Related: In Wake Of Change Healthcare Attack, MSPs Say Health System Is Far Too Vulnerable]

CDK Global, a provider of software used by 15,000 car dealerships, has shut down most of its systems after the cyberattacks struck Tuesday evening and then again on Wednesday evening. Austin, Texas-based CDK provides SaaS-based CRM, payroll, finance and other key functions for dealerships.

While CDK was working to recover from the first attack, the company was struck by a second attack late on Wednesday evening, according to CDK.

“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems,” CDK said in a statement provided to CRN Thursday.

A staff member at a car dealership in New Castle, Pa., said in an email Friday that the dealership has been “severely affected” by the outage. “CDK basically runs our entire store,” the staff member, who declined to be identified, told CRN.

CDK said in its recorded message heard Friday that “in addition to our customer systems, many integration points have been disabled.”

There continues to be no estimate on when CDK’s systems may return to availability, the recorded message said.

“At this time we do not have an estimated timeframe for resolution and therefore our dealer systems will not be available likely for several days,” CDK said in the message.

CDK added in the recorded message that “we are aware that bad actors are contacting our customers and partners posing as members or affiliates of CDK, trying to obtain system access.”

“CDK associates will not and have not been soliciting access or passwords to customer systems or environments. Any request should be immediately treated as suspicious,” the company said in the message. “Please reiterate to your employees the importance of being alert to acts of phishing and take the necessary preventative precautions.”