CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access.

The warning follows ongoing cyberattacks that have hit CDK, forcing the company to shut down its customer support channels and take most of its systems offline.

CDK Global is a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon. 

'Bad actors' calling CDK customers after cyberattack

On Tuesday, June 18th, CDK Global became aware of a cyber attack on its network that forced it to shut down most of its systems.

The outage led to widespread disruption among car dealerships that rely on CDK's SaaS platform to track and order car parts, conduct new sales, manage inventory, offer financing and fulfill back-office tasks.

Just as the company was recovering from the ongoing cyberattack, it experienced a second cyberattack on Wednesday, June 19th.

As a result of multiple attacks, CDK is acting out of caution and has stated that its "Customer Care channels for support remain unavailable as a precautionary measure to maintain security." 

In the interim, CDK Global reportedly set up interactive voice response (IVR) toll-free lines at +1 (855) 356-3270 (English) and +1 (877) 483-7817 (French) to provide customers with status updates on the incident.

It is understood that these phone numbers were provided to car dealers as a form of "backup support."

When called, however, a prerecorded message was played. The message cautions that threat actors are now calling and preying on CDK customers as they are left with limited support options.

"We are aware that bad actors are contacting our customers posing as members or affiliates of CDK trying to obtain system access," states CDK's prerecorded message on its English toll-free line.

"CDK associates are not contacting customers for access to their environment or systems."

"Please only respond to non-CDK employees and communications."

Following a high-profile cyber-attack or data breach, it is common for threat actors to start contacting the victim organization's customers and business partners under the pretense of being affiliates of the company as a form of social engineering.

Threat actors can, for example, initiate unsolicited phishing emails or phone calls to customers that claim to originate from CDK support associates but are not, or indulge in other forms of communications (e.g. fax or snail mail) to facilitate illicit activities or gain further unauthorized access to proprietary systems and financial assets.

CDK Global customers and partners should remain vigilant and refrain from engaging in communications, particularly those impersonating CDK customer support or employees.

Presently the company says there is no known "estimated time frame for resolution and therefore our dealer systems will not be available likely for several days."

CDK also advises its customers against performing any DMS tasks right now, while stating that "Digital Retail Application and Data" remains secure.

A complete transcription of CDK's recorded phone message is provided below:

A CDK spokesperson earlier confirmed that the company is working with third-party experts to assess the overall impact of the attacks and restore services as soon as possible.