From fake rentals to theft, scammers are targeting your car

Ever heard of wrapping your key fob in aluminum foil? It sounds out there, but it’s a smart move.

Join 509,000 people who give this free tech newsletter a 4.92/5 star rating.

Sign up now and don’t be left behind.

Your key fob’s signal is surprisingly easy for criminals to intercept. That lets them open your car without setting off any alarms. If you have a true keyless car model, they might be able to just drive away. Wrapping it in foil blocks the signals. 

It’s no surprise your car is a target. It’s probably one of the most valuable things you own. Let’s look at a few scams right now targeting car owners and those shopping for a new ride.

Cloned VIN scam

A Boston woman paid around $40,000 for an SUV on Facebook Marketplace. The Carfax report looked legit, and Maril Bauter received a clean title from the licensing agency. It was smooth sailing for almost three years … until the police seized the vehicle. 

When she bought the 2019 Toyota 4Runner, it was stolen. Bauter was the victim of a VIN cloning scam.

It all starts with a stolen car or perhaps one totaled out by an insurance company. The scammer finds the same make, model and year and takes the VIN from that car. It’s as easy as snapping a picture through the windshield. 

The scammer then changes the VIN plate on the stolen or totaled vehicle to match the one on the clean vehicle. Now, the scammer can create fake documents and complete the sale.

Unfortunately, it’s hard to spot these scams. If you’re in the market and buying from a private seller:

◾ Use a site like Carfax or AutoCheck to look for anything strange with the VIN.

◾ Compare the VIN on the car (near the windshield and in the door) with the title and all the other documents the seller provides.

◾ Look for signs the VIN plate has been switched out. Run your finger over that area.

◾ Consider paying a mechanic or car inspection service to look for major issues or red flags.

Bauter’s story had a happy ending: Her insurance company paid out her claim on the stolen vehicle. That said, not every victim is this lucky so be sure to do your due diligence if you’re in the market for a new vehicle.

Check out a recent Kim Komando Podcast episode: Insurance companies use drones to look at your home

Not the only car scam on Facebook Marketplace

An 18-year-old was arrested in Fort Lauderdale, Florida, for posting his neighbors’ cars for rent on FB Marketplace. The scammer collected deposits and then sent renters to the car owners’ real addresses.

One neighbor said eight people showed up at her house over three weeks. Another got his car smashed by an angry would-be renter. 

◾ Never, ever pay ahead for a rental through a community sales platform. Really, it’s best to stick with a legitimate rental company.

A throwback attack

Cybercriminals can also employ old-school denial-of-service attacks to overwhelm your vehicle and potentially shut down critical functions like airbags, anti-lock brakes and door locks.

This attack is feasible since some connected cars have built-in Wi-Fi hotspot capabilities. As with regular home Wi-Fi networks, they can even steal your data if they infiltrate your car’s local network.

Also, it’s a matter of physical safety. Remember, multiple computers and Engine Control Modules run modern cars. If hackers can shut these systems down, they can put you in grave danger.

◾ Regularly changing your car’s onboard Wi-Fi network password is a must. Turning off your car’s Bluetooth and Wi-Fi is also a good idea when not in use, too.

The built-in monitoring is a security risk, too

Every newer car has an onboard diagnostics port. This interface allows mechanics to access your car’s data, read error codes and statistics and even program new keys.

Anyone can buy exploit kits that can utilize this port to replicate keys and program new ones to use them for stealing vehicles.

◾ Always go to a reputable mechanic. A physical steering wheel lock can also give you extra peace of mind.

Mobile malware

Another old-school internet hack reaches connected cars, specifically models with internet connectivity and built-in web browsers.

Crooks can send you emails and messages with malicious links and attachments that can install malware on your car’s system. Anything is possible once the malware is installed. Car systems don’t have built-in malware protections (yet), so this can be hard to spot.

◾ Practice good computer and internet safety even when connected to your car. Never open emails and messages nor follow links from unknown sources.

Learn about all the latest technology on the Kim Komando Show, the nation's largest weekend radio talk show. Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website.