FMCSA spots phishing scheme circulating in transportation space
Earlier this month, the Internal Revenue Service sent a reminder to dealers to be vigilant of digital criminals portraying themselves as representatives from the federal agency.
This week, another federal agency — the Federal Motor Carrier Safety Administration (FMCSA) — delivered a similar message to transportation providers.
FMCSA officials said in an online update that an email is being sent to registered entities by someone pretending to be from the agency and requesting that you complete attached forms, which ask for a Social Security Number and USDOT PIN.
FMCSA said it does not require such information on the official FMCSA forms.
“DO NOT fill out attached forms. Always refer to the official FMCSA forms,” officials said. “In some cases, they are also asking for a certificate of insurance and driver’s License to help protect you against fraud. There is also a threat that if you don’t respond within a day that you will be fined, which is also not an FMCSA practice.”
FMCSA indicated the email shows that it came from either safety@fmcsa.gov or filing@fmcsa.gov, which are not legitimate email addresses and are not used or owned by FMCSA.
If transporters reply to the email, officials said it goes to @fmcsa-safety-fmcsa.com, which is also not a domain owned or used by FMCSA.
“Not only is some of this information personal identifiable information (PII), but this information would also allow the unauthorized party to gain access to your FMCSA account. The email containing the link is also very convincing that this is coming from FMCSA,” officials said.
Officials reiterated communications from FMCSA relating to information requests of this type would either request you to log in to your portal account at FMCSA Login (dot.gov) or come directly from an FMCSA dedicated mailbox.
“While these emails typically end in a ‘.gov,’ we encourage our stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency,” officials said.
The Federal Trade Commission (FTC) recommends these procedures for email verification.