This post is part of a series sponsored by IAT Insurance Group.
The Federal Motor Carrier Safety Administration (FMCSA) has issued a warning about a phishing scam targeting auto companies. Fraudulent emails, masquerading as official communications from the FMCSA are sent to registered companies with the intent of leaking sensitive information.
These emails are designed to appear official, complete with the FMCSA logo and formatting that closely mimics real communications. However, the content and information requested are clear red flags for those in the know.
An example of a phishing email
Scam details
The phishing emails in question ask carriers to fill out an attached registration form. This form goes beyond the standard requests, asking for personal information such as the carrier's social security number, USDOT personal identification number and RMIS ID. In some cases, carriers are even asked to upload copies of their insurance certificate and driver's license, under the ludicrous pretense of “fraud protection.”
Do not fill out this form!
Spotting the red flags
The FMCSA emphasized that it would never request such sensitive information through email forms. Official communications from FMCSA regarding information requests will direct you to log into your portal account or will appear directly in a mailbox designated by FMCSA. In addition, any official e-mail from the FMCSA will come from an official FMCSA e-mail address and not from the suspicious addresses used for these fraudulent applications: safe@fmcsa.gov or filing@fmcsa.gov.
Also, use the official FMCSA website for biannual updates. Transportation companies must update their information every two years, based on the last digit of their DOT number. If you make changes to the size of your fleet, whether it's growing or shrinking, update your MCS-150 on the FMCSA website. Only download and fill the forms from the official .gov website. Failure to do so will impact your CSA scores and make you non-compliant.
It is important to remain vigilant and verify any suspicious email that appears to be from FMCSA or another agency. If you receive an email asking for personal information or threatening to cancel your USDOT number within 24 hours if you do not comply, it is a scam. The FMCSA and other US agencies do not operate this way.
5 tips to protect yourself from phishing scams
Here are five top ways to protect yourself and your business from becoming a victim of phishing:
- Verify the source of the email. Always check the sender's actual email address by hovering over it to reveal the full address. This practice will help you identify the source of the email and determine if it is legitimate.
- Avoid clicking on suspicious links or downloading attachments. Similarly, if the email contains links, hover over them to see where they lead before clicking. If the URL looks suspicious, DO NOT click on it.
- Be aware of urgency. Phishing emails often create a sense of urgency to prompt action. Be wary of any email that threatens serious action if you don't respond within a short time.
- Do not share personal information via email. Never provide personal or sensitive information through unsecured email communications. Remember, regulatory agencies like the FMCSA will never ask for account numbers, passwords, Social Security numbers, USDOT PINs, credit card information, copies of invoices or other personal information through unsolicited email or text, phone or fax. If you receive such a request, it is a scam.
- Report suspicious emails. If you receive a suspicious email, report it immediately to FMCSA or your IT department. This helps prevent others from falling victim to the same scam.
Why now? The new entry requirements from the FMCSA site are causing confusion
In response to the president's multi-factor authentication mandate, FMCSA began transitioning to Login.gov in 2024 to improve online safety and security. This change requires all credentialed users of any FMCSA system to use a Login.gov account to access FMCSA systems instead of using their DOT PIN.
Effective January 1, www.login.gov is the only way to access the FMCSA portal and Unified Registration System; however, during this transition period, a phishing scam is taking advantage of carriers who may be confused by the new system.
To sign in, you must now use the federal portal through Login.gov. The FMCSA PIN is no longer valid to access the system. Be sure to request a new login on Login.gov, choose who will be responsible for the login, and make sure you complete the verification process by pressing the “GO” button or the “SMS” button, depending on the program you are accessing.
ASK A LOSS CONTROL REPRESENTATIVE
Have a question about how to reduce risk? Email losscontroldirect@iatinsurance.com for a chance to see your question answered in a future blog.
Written by Nancy Ross-Anderson
Articles
Trucks
Interested in Trucks?
Get automatic alerts for this article.
Source link
