CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access.

The warning follows ongoing cyberattacks that have hit CDK, forcing the company to shut down its customer support channels and take most of its systems offline.

CDK Global is a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon.

‘Bad actors’ calling CDK customers after cyberattack

On Tuesday, June 18th, CDK Global became aware of a cyber attack on its network that forced it to shut down most of its systems.

The outage led to widespread disruption among car dealerships that rely on CDK’s SaaS platform to track and order car parts, conduct new sales, manage inventory, offer financing and fulfill back-office tasks.

Just as the company was recovering from the ongoing cyberattack, it experienced a second cyberattack on Wednesday, June 19th.

As a result of multiple attacks, CDK is acting out of caution and has stated that its “Customer Care channels for support remain unavailable as a precautionary measure to maintain security.”

In the interim, CDK Global set up automated voice response (AVR) toll-free lines at +1 (855) 356-3270 (English) and +1 (877) 483-7817 (French) to provide customers with status updates on the incident.

When called by BleepingComputer, a prerecorded message played cautioning customers about threat actors now capitalizing on this opportunity to prey on CDK customers who are left with limited support options during this time.

“We are aware that bad actors are contacting our customers posing as members or affiliates of CDK trying to obtain system access,” states CDK’s prerecorded message on its English toll-free line.

“CDK associates are not contacting customers for access to their environment or systems.”

“Please only respond to non-CDK employees and communications.”

Following a high-profile cyber-attack or data breach, it is common for threat actors to start contacting the victim organization’s customers and business partners under the pretense of being affiliates of the company as a form of social engineering.

Threat actors can, for example, initiate unsolicited phishing emails or phone calls to customers that claim to originate from CDK support associates but are not, or indulge in other forms of communications (e.g. fax or snail mail) to facilitate illicit activities or gain further unauthorized access to proprietary systems and financial assets.

CDK Global customers and partners should remain vigilant and refrain from engaging in communications, particularly those impersonating CDK customer support or employees. 

Presently the company says there is no known “estimated time frame for resolution and therefore our dealer systems will not be available likely for several days.”

CDK also advises its customers against performing any DMS tasks right now, while stating that “Digital Retail Application and Data” remains secure.

A complete transcription of CDK’s recorded phone message is provided below:

0:00: Thank you for calling CDK. 
0:02: We continue to act out of caution and to protect our customers in response to the cyber incidents that occurred on June 19th. 
0:09: In addition to our customer systems, many integration points have been disabled. 
0:15: The following applications are available for use: Digital Retail Application and Data is secure. 
0:22: Some integration partners have disabled access and error messages may be experienced. 
0:28: CDK phones, IPNS and Webex calling are working properly. Payroll Plus accessed by a web browser by going to payrollplus.adp.com. 
0:38: No DMS integration task should be performed at this time. 
0:43: We do not have an estimated time frame for resolution and therefore our dealer systems will not be available likely for several days. 
0:51: We will continue to provide updates as they become available. 
0:54: We are aware that bad actors are contacting our customers posing as members or affiliates of CDK trying to obtain system access. 
1:03: CDK associates are not contacting customers for access to their environment or systems. 
1:09: Please only respond to non-CDK employees and communications. 
1:14: As of now, our customer care channels for support remain unavailable as a precautionary measure to maintain security. 
1:22: It is a high priority to reinstate these services as soon as possible. 
1:27: We apologize for the inconvenience this has caused. 
1:30: Please know our teams are dedicated to getting you back to business and keeping you there. Sincerely, CDK customer care. 

A CDK spokesperson earlier confirmed to BleepingComputer that the company is working with third-party experts to assess the overall impact of the attacks and restore services as soon as possible.