CDK Global has alerted customers to fraudulent individuals posing as CDK agents or affiliates in phone calls to gain unauthorized access to systems.
This warning comes in response to ongoing cyberattacks targeting CDK, which have compelled the company to shut down its customer support channels and take most of its systems offline.
CDK Global is a software-as-a-service (SaaS) platform utilized by thousands of car dealerships across the United States.
‘Bad Actors’ Target CDK Customers Following Cyberattack
On Tuesday, June 18th, CDK Global discovered a cyberattack on its network, prompting the company to shut down most of its systems.
This outage caused significant disruption among car dealerships that depend on CDK’s SaaS platform for tracking and ordering car parts, conducting new sales, managing inventory, offering financing, and fulfilling back-office tasks.
While recovering from the initial cyberattack, CDK faced a second attack on Wednesday, June 19th.
In light of these multiple attacks, CDK is taking precautionary measures, stating that its “Customer Care channels for support remain unavailable as a precautionary measure to maintain security.”
In response, CDK Global reportedly set up interactive voice response (IVR) toll-free lines at +1 (855) 356-3270 (English) and +1 (877) 483-7817 (French) to provide customers with status updates on the incident.
BleepingComputer understands that these phone numbers were provided to car dealers as a form of “backup support.”
However, when BleepingComputer called these numbers, a prerecorded message played. The message cautioned that threat actors are now contacting CDK customers, exploiting their limited support options.
“We are aware that bad actors are contacting our customers, posing as members or affiliates of CDK to obtain system access,” states CDK’s prerecorded message on its English toll-free line.
“CDK associates are not contacting customers for access to their environment or systems.”
“Please only respond to non-CDK employees and communications.”
Following a high-profile cyberattack or data breach, it is common for threat actors to contact the victim organization’s customers and business partners, pretending to be company affiliates as a form of social engineering.
For example, threat actors may initiate unsolicited phishing emails or phone calls to customers, claiming to be from CDK support associates but are not, or use other forms of communication (e.g., fax or snail mail) to facilitate illicit activities or gain unauthorized access to proprietary systems and financial assets.
CDK Global customers and partners should remain vigilant and refrain from engaging in communications, especially those impersonating CDK customer support or employees.
The company has stated that there is no known “estimated time frame for resolution, and therefore our dealer systems will not be available likely for several days.”
CDK also advises its customers against performing any DMS tasks at this time, while assuring that the “Digital Retail Application and Data” remains secure.
A complete transcription of CDK’s recorded phone message is provided below:
0:00: Thank you for calling CDK.
0:02: We continue to act out of caution and to protect our customers in response to the cyber incidents that occurred on June 19th.
0:09: In addition to our customer systems, many integration points have been disabled.
0:15: The following applications are available for use: Digital Retail Application and Data is secure.
0:22: Some integration partners have disabled access and error messages may be experienced.
0:28: CDK phones, IPNS and Webex calling are working properly. Payroll Plus accessed by a web browser by going topayrollplus.adp.com.
0:38: No DMS integration task should be performed at this time.
0:43: We do not have an estimated time frame for resolution and therefore our dealer systems willnot be available likely for several days.
0:51: We will continue to provide updates as they become available.
0:54: We are aware that bad actors are contacting our customers posing as members or affiliates of CDK trying to obtain system access.
1:03: CDK associates are not contacting customers for access to their environment or systems.
1:09: Please only respond to non-CDK employees and communications.
1:14: As of now, our customer care channels for support remain unavailable as a precautionary measure to maintain security.
1:22: It is a high priority to reinstate these services as soon as possible.
1:27: We apologize for the inconvenience this has caused.
1:30: Please know our teams are dedicated to getting you back to business and keeping you there. Sincerely, CDK customer care.
A CDK spokesperson confirmed to BleepingComputer that the company is collaborating with third-party experts to evaluate the overall impact of the attacks and expedite the restoration of services.
Source: BleepingComputer, Ax Sharma
