The Federal Motor Carrier Safety Administration (FMCSA) in the United States has recently issued a warning to trucking companies about phishing attempts carried out by malicious individuals. These scammers impersonate agency auditors and send emails to carriers, claiming to be from the FMCSA and stating the need to schedule a safety audit.
The emails contain a link that appears to lead to a legitimate URL on the Safer website, simulating updates to the FMCSA’s MCS-150 form. However, the page includes input fields asking for the carrier’s Personal Identification Number (PIN), Employer Identification Number (EIN), and Social Security number. Possessing this information would allow an unauthorized party to access the carrier’s FMCSA account, giving the scammers privileged access to modify information and impersonate carriers in fraudulent freight transactions.
The FMCSA emphasizes that the emails containing these links are very convincing and can easily be mistaken for official communications. The agency has shared images of the problematic modules on the web pages linked in the emails, designed to look official.
Finally, the FMCSA reminds that official communications regarding safety audits typically come directly from a dedicated FMCSA mailbox or from the state entity responsible for conducting the audit. Although these emails usually end with a “.gov” extension, the agency encourages carriers and stakeholders to verify any suspicious email or communication with the appropriate agency or to contact their FMCSA Division Office directly for clarification.
Aware of this issue, we urge trucking companies and their employees to exercise vigilance and adopt stringent cybersecurity practices to protect themselves against these phishing attempts and safeguard the integrity of their data.
