'Fake safety audit' phishing emails keep pouring in

user-gravatar Headshot

Owner-operator Wayne Bruene, mostly hauling grain today out of a home base of Ankeny, Iowa, alerted the Western States Trucking Association to what's clearly a phishing email making the rounds. It purports to be a follow-up email to a prior phone conversation with a Federal Motor Carrier Safety Administration auditor about an "Entrant Safety Audit."

One problem with that -- owner-operator Bruene is certainly no new Entrant, anyway. He's been in business for himself since way back in 2013, when WSTA handled his original authority filing and he was living in California. "I thought it looked real fishy," or phishy, as the case may be, Bruene said of the email. "I certainly don’t remember a phone call in January" with any auditor, either, he added, which was referenced near the top of the email. That's likely just as intended on the part of the scammer, with six months' time perhaps just far enough in the past to trick a reader's mind into questioning whether he or she may indeed have spoken with an auditor, or simply missed something.

The message went on to suggest urgency in its request, giving Bruene a time limit of just a couple days to supply documents, including a driver's license, annual required vehicle inspection reports, and more. 

WSTA Government Affairs Director Joe Rajkovacz noted the message is mocked up to resemble pretty closely what the agency sends out to newly registered motor carriers with respect to required New Entrant audits, and indeed might easily fool some. 

WSTA's mockup of the scam emailRajkovacz shared this mockup of language in the email.What the above image doesn't show is the final verbiage at bottom:

Submission of all documents required for your operation may negate the need to conduct an onsite Entrant Safety Audit at your place of business and may therefore reduce the amount of time to complete the required Audit process.


Upon review of the submitted documentation, we will inform you of any further requirements on your part. Failure to provide the necessary documentation requested to perform the safety audit, in accordance with 49 CFR 385.337(b), could result in a revocation of your Entrant registration.

That's followed by an all-caps "GET STARTED" hyperlink that goes to a page containing a form Bruene said was just "completely blank," and purported to be part of FMCSA's online universe. The form thus invited the unsuspecting user to enter his/her entire carrier profile, essentially. 

As FMCSA previously warned with a registration alert back in February, having all of the pieces of information requested would "allow the unauthorized party to gain access to your FMCSA account," the agency noted then. As Overdrive wrote at the time, with such access, crooks would get the "keys to the kingdom," so to speak, and could change information to impersonate carriers and other entities in fraudulent freight transactions like those alleged in a federal indictment handed down within the last week to a man operating out of the Chicago area. 

Partner Insights
Information to advance your business from industry suppliers
BlueParrott B350-XT
Presented by BlueParrott
The ALL NEW Rand Tablet
Presented by Rand McNally

With its February registration alert, FMCSA advised active carriers further that any official audit communications "typically come directly from an FMCSA dedicated mailbox, or from the entity within the State that has been assigned the responsibility to conduct the safety audit." Such emails typically end in a .gov extension, unlike the email Bruene received, and the agency also encouraged "stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency or contact your FMCSA Division Office directly to clarify." 

You can find all division offices at this link, and the agency also pointed carriers to the Federal Trade Commission's recommendations for procedures for email verification. Contacted about the specific email Bruene received, FMCSA Public Affairs acknowledged receipt but did not respond in time for this story. 

Fortunately for the owner-operator, he was aware enough to spot the fraudulent nature of the phishing attempt. "I remember all that stuff we were getting when we were first starting out," he said of the flood of solicitations and other emails, some scammy-sounding, he and his wife received after getting their authority initially a decade ago. "We would get phone calls and emails and other stuff in the mail," he added.

Rajkovacz at WSTA "heard from us a lot" over the early authority period, Bruene said, summarizing his thinking this way: "I better get this sent to Joe and see if this is on the up and up." 

Wayne Bruene's Volvo, 2014 modelOwner-operator Bruene's in his second truck now 10 years later, this 2014 Volvo.

He's glad he made the move to his authority even with those headaches. He'd been a company driver before, and his employer at that time told him "I'll see you back here in six months" when he made the move. 

Bruene got the last laugh, he said. "He's out of business" today, "not me." 

[Related: FMCSA issues 'fake safety audit' active phishing alert