NEWS & REPORTS

Alert: FMCSA registrants targeted in phishing attack Carriers registered with the Federal Motor Carrier Safety Administration are receiving fake emails urging them to complete a form with sensitive information

Aug 16, 2024 | Industry News

BT Staff

Users registered with the Federal Motor Carrier Safety Administration are the target of a new phishing campaign that urges them to complete a form attached to the fake email, according to an alert from the agency.

The forms ask for a social security number and USDOT PIN, information that isn’t required on official FMCSA forms. Carriers should not fill out forms attached to the fake email and always refer to official FMCSA forms for the latest and official documents, the agency warned. In some cases, the phishing attempt also asks for a certificate of insurance and driver’s license to help protect the recipient against fraud.

There also is a threat that if the recipient doesn’t respond within a day, they will be fined, which is not an FMCSA practice.

The fake email originates from either safety@fmcsa.gov, filing@fmcsa.gov, dotfilings@fmcsa.gov or audit@fmcsa.gov, none of which are legitimate email addresses and are not used or owned by FMCSA. If the recipient replies to the email, their message goes to @fmcsa-safety-fmcsa.com, which is also not a domain owned or used by FMCSA. Not only is some of this information personal identifiable information, but this information also would allow the unauthorized party to gain access to the recipient’s FMCSA account.

“The fake email containing the phishing link appears very convincing that the correspondence is from FMCSA,” the agency stated in a release.

Screenshots of the fake email can be found on FMCSA’s website.

Communications from FMCSA relating to information requests of this type would either request individuals to log into their portal account at FMCSA Login (dot.gov), or the email would come directly from an FMCSA dedicated mailbox. While these emails typically end in “.gov,” FMCSA encourages stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency.

What individuals can do:

  • Do not click any suspicious links, hover over them to see the real email address of url of that link. Click only on links deemed trustworthy
  • Visit the Cybersecurity & Infrastructure Security Agency for more guidance on online deceiving tactics. Learn more about phishing
  • The Federal Trade Commission (FTC) recommends following certain procedures for email verification
  • File a complaint with the Federal Bureau of Investigations (FBI) by using their IC3 site
  • Reach out to the FMCSA Contact Center or call (1-800-832-5660) when targeted

About the Author

NEWS & REPORTS

2024 Commercial Vehicle Safety Symposium

Presentations from the 2024 Pennsylvania Commercial Vehicle Safety Symposium; August 2024 FMCSA Update NDASA Drug and Alcohol Testing Update Doug Marcello; Cost of Noncompliance Presentation Richard C. Kelly; Civil Liability  

Chevron deference is gone. What does that mean for trucking?

A world without Chevron deference empowers courts to ignore agencies’ interpretations of their own statutory authority, bringing new vulnerability to emissions regulations, FMCSA rulemaking, and more.   Jeremy Wolfe The Supreme Court in June overruled Chevron...

ATRI: VALUE OF RISK AND SAFETY PER ANNUAL OPERATING EXPENSE

Doug Marcello WHY IT MATTERS:  The value of safety and risk is not theoretical.  ATRI’s Annual Operational Cost of Trucking Study quantifies its value and importance to the bottom line.  And with anticipated premium increases, it is now more vital than ever to reduce...

4 Core Metrics Safety Directors Should Be Looking At Each Week

Scott Rea You know the old saying: “You can’t manage what you don’t measure?” As a Safety Director tasked with overseeing recruiting, compliance, and safety efforts in your company, you must use metrics to avoid wasting time and money, keep auditors and plaintiff’s...

CATEGORIES