The Federal Motor Carrier Safety Administration published an alert for motor carriers with authority about phishing attempts by criminals posing as agency auditors via email. The "fake safety audit" attempt is taking the form of emails to registered entities, including motor carriers, "pretending to be FMCSA" notifying you of the "need to schedule a safety audit," the agency said.
In the email, there's a link that looks as if it goes to a legitimate URL on the Safer website, mirroring FMCSA's MCS-150 form updates. Yet the page includes entry fields requesting a carrier's PIN, Employer Identification Number (EIN), and Social Security number.
Having all of those elements would "allow the unauthorized party to gain access to your FMCSA account," FMCSA said. With such access, crooks would get the keys to the kingdom and could change information to impersonate carriers and other entities in fraudulent freight transactions.
The email containing the link is "very convincing this is coming from FMCSA," the agency said, at first glance.
FMCSA shared this image of the problem module on the web page the email linked to, crafted to look official.
Official safety-audit communications, the agency added, will "typically come directly from an FMCSA dedicated mailbox, or from the entity within the State that has been assigned the responsibility to conduct the safety audit. While these emails typically end in a .gov" extension, we encourage our stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency or contact your FMCSA Division Office directly to clarify." Find all division offices at this link.
[Related: More ways to vet brokers to combat fraud, double brokering]
