New Phishing Scam Targets Motor Carriers

If you get an email that says it’s from The Federal Motor Carrier Safety Administration requesting that carriers’ complete forms attached to the email, the agency warns that it may be a phishing scam.

Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

In the scam emails, FMCSA says, those forms ask for a social security number and USDOT PIN. FMCSA does not require such information on official FMCSA forms. Carriers should NOT fill out forms attached to the fake email, and always refer to the official FMCSA forms for the latest and official documents.

In some cases, the phishing attempt also asks for a certificate of insurance and driver’s license to help protect the recipient against fraud. There is also a threat that if the recipient does not respond within a day, the individual will be fined, which is also not an FMCSA practice as part of the registration process. 

How to Spot These Fake Emails

The fake email originates from one of the following email addresses:

• [email protected]
• [email protected]
• [email protected]
• [email protected]

None of these are legitimate email addresses and are NOT used or owned by FMCSA. 

If the recipient replies to the email, their message goes to @fmcsa-safety-fmcsa.com, which is also NOT a domain owned or used by FMCSA.

Not only is some of this information Personal Identifiable information, but this information would also allow the unauthorized party to gain access to the recipient’s FMCSA account.

The fake email containing the phishing link appears very convincing that the correspondence is from FMCSA, according to the agency. Screenshots of the fake email can be found on FMCSA’s website.

Communications from FMCSA relating to information requests of this type would either request individuals to log into their portal account at FMCSA Login (dot.gov), or the email would come directly from an FMCSA dedicated mailbox. While these emails typically end in “.gov”, FMCSA encourages stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency.

Earlier this year, the FMCSA warned motor carriers of a different email phishing scam involving a fake DOT safety audit.

Here’s What Individuals Can Do to Avoid Phishing

• Do not click any suspicious links. Hover over them to see the real email address or URL of that link. Click only on links you deem trustworthy
• Contact your applicable State Trucking Association or contact theNorthAmerican Transportation Association at 800-805-0040 (www.ntassoc.com).
• Visit the Cybersecurity & Infrastructure Security Agency for more guidance on online deceiving tactics.
• The Federal Trade Commission recommends following certain procedures for email verification. 
• File a complaint with the Federal Bureau of Investigations (FBI) by using their Internet Crime Compliant Center (IC3) site

Reach out to the FMCSA Contact Center or call (1-800-832-5660) if you are the target of these practices.