Protection Against Phishing

At CDK, we take electronic communication abuse very seriously and are focused on proactively safeguarding our clients’ private data. We use stringent measures that protect against phishing, which is an attempt to acquire sensitive, personal information such as usernames, passwords, bank account information and credit card numbers by posing as a trustworthy source through email or text communication.

Most often, these cyber criminals try to lure people with fake emails or text messages indicating a problem with a bank account, credit card, or even a payroll question that must be answered “right away.” Other tactics include attempting to obtain login credentials by telling readers their password is about to expire.

It’s important to note that in many cases clients receive phishing emails on a random basis, with no direct tie to the fact that they’re working with CDK. Attackers issue phishing emails to millions of users, hoping that a handful of recipients act on their ill intended requests. Furthermore, receiving phishing emails does not necessarily constitute a breach of security for either the spoofed organization or the recipient. Spotting these emails and deleting them before opening any attachments makes phishing emails much more of a nuisance than a risk.

How CDK Protects Against Phishing

In an effort to assist organizations in defending against advanced phishing attacks and fraudulent electronic communication seeking to exploit the trusted CDK brand, CDK has published a Sender Policy Framework (SPF) record for our email systems. The Sender Policy Framework is a public, open standard to help prevent sender address forgery. Simply put, the SPF tells anti-phishing products used by our clients if a message is legitimately sent by CDK or one of its trusted partners.

The SPF helps determine whether an email comes from a legitimate source. It validates a sender’s address much like a postmark validates the return address of a physical piece of mail. While you can create a fake return address, much like a fake email address, a post mark cannot be forged. The SPF puts a “post mark” on emails from legitimate senders to ensure they are safe Organizations that are capable of leveraging the SPF can significantly reduce the amount of phishing, fraudulent and spam email purporting to be from CDK that reaches individual user inboxes.

Organizations wishing to take advantage of our SPF record must implement specific anti-spam or anti-phishing products that support this framework. These applications will then use CDK’s SPF record to identify and reduce the number of fraudulent and spam emails an organization receives. For more technical information regarding SPF implementation in your organization, please refer your email server administrator to:

Protecting Yourself Against Phishing

Whether an individual or an organization, clients should take several proactive precautions to protect themselves against phishing and other electronic communications fraud.

Be suspicious of messages that:

  • Seem urgent and require your immediate response.
  • Request personal information such as user ID, password, PIN, email address, or Social Security number even if it appears to be coming from a legitimate source.
  • Are addressed generically, such as “Dear Customer.”

If an email seems suspicious, do not click on any of the links or open any attachments to the email. Your computer can become infected with malware once you click on a link.

Even if it sounds legitimate, do not call the number given in the message or respond to the message.

Remember: Legitimate companies that have your sensitive data will not send or call you to ask for that information.

For additional phishing information, please view the Phishing FAQ.

Report Phishing to CDK

Let us know right away if you receive a suspicious email that looks like it is coming from CDK.

Forward the original email you received as an attachment or a description of the phone call or text message to

A representative from CDK will contact you or your employer as appropriate. We will take necessary steps to address suspicious events and works with anti-cybercrime organizations on an ongoing basis to help reduce phishing attacks.