Updated August 7, 2024, with more resources from FMCSA representatives, attendant to an August 7 outreach to media about this scam in particular.
Acer Transport small fleet owner Rudy Yakym Jr. forwarded an email my way recently with just a short note added:
This looks like a phishing expedition to me. Your thoughts?
As with other email-phishing hack attempts we've seen in recent months, the email was crafted to appear as if sent from the Federal Motor Carrier Safety Administration. As Yakym put it in conversation later: "It looks so official," and for just a moment he was convinced. Yet having his wits about him for these kinds of things, he noticed a sent-from email with the @FMCSA.gov domain, not the typical FMCSA domain (FMCSA.DOT.gov). A closer look revealed then a reply-to address at a safety-fmcsa.com domain, most definitely not affiliated with the actual agency.
The message to recipients in this latest example of hackers' phishing attempts might be the most interesting thing about it, though. A clear attempt at carrier identity theft here, the would-be thieves begin their message with an appeal to your zeal to fight fraud!
To ensure compliance and protect your information from potential fraud, we kindly request that you complete the provided form.
FMCSA's plans to clean up its registration system, in part to deter bad actors just like these hackers, are no secret, of course. Seems the fraudsters are paying attention to the news, too.
[Related: With registration-overhaul push, does FMCSA have a sole-proprietor problem]
Attached to the phishing email was a pdf form that looks like the official MCSA-5889 form for changing a motor carrier's record, yet it's been altered slightly, according to FMCSA's Cicely Waters, to ask for a "customer to provide their Social Security Number and USDOT Personal Identification Number. FMCSA would not request this information on a form."
Following through on the hackers' directions would well give them the keys to your kingdom. With the next bit of information requested in the message that owner-operator Yakym received, they'd have an easy route toward pretending to be you on load boards and hoodwinking brokers and/or brokerage platforms out of freight and/or load payments, depending on the scheme. It's possible they could even change your business profile information with FMCSA to their own. Here's what the email also asks for:
Additionally, please reply to this email with both your Certificate of Insurance and Driver's License for verification purposes to confirm your association with the organization.
If you fell for this scam, or have seen variations on it, take action -- the FMCSA registration office published the alert at this link about the phishers. It's a good idea to check your login to FMCSA's system and all information there for tampering.
[Related: Safeguard your business' Certificate of Insurance to avoid becoming ID theft victim]
The registration alert from the agency re-emphasized ways to verify official communications about info requests:
- Such communications from FMCSA would either request carriers to log in to their portal account or come directly from an FMCSA-dedicated mailbox.
- Emails to registered entities typically do end in a .gov extension, yet the agency encourages verification of any email or communication that seems suspicious.
- The Federal Trade Commission (FTC) recommends these procedures for email verification.
- Do not click any suspicious links, the agency noted. Rather, hover over them with a cursor, or press and hold your finger in place on a link on a smartphone screen, to discover the real URL of the link. Click only on links you deem trustworthy
- Readers can find more guidance on deceiving tactics of phishers at the website of the Cybersecurity & Infrastructure Security Agency.
- FMCSA recommends filing a complaint with the Federal Bureau of Investigations (FBI), too, by using their Internet Crime site.
- The FMCSA's Office of Registration can be contacted directly through the methods noted on the page at this link, including at the 800-832-5660.
[Related: 'Fake safety audit' phishing emails keep pouring in]
Hotshot hauling toward retirement?
I hadn't talked to Indiana-headquartered small fleet owner Yakym in quite some time. With his son now in Congress and himself in his early 70s, he said, he's been slowing down, to an extent, with his own trucking. At once, the Acer Transport fleet's grown in recent times to three company trucks and three owner-operators leased on.
He shared this picture of a 2022 Ram 5500 straight flatbed he bought new and outfitted to kill two birds with one stone, as it were, hauling and vacationing, RV-style.
How's that for a hotshot?
Yakym noted he just recently "hired a general manager to run the show" at Acer, and he's slowly working his way toward a "semi-retired, quasi-RV lifestyle," he said. The run to Alaska was the camper-outfitted flatbed's maiden voyage, and it turned out that camper was just a bit "too cloistered and confining for my wife and I."
Other plans are in the works for the Ram 5500, so keep tuned.