The Federal Motor Carrier Safety Administration (FMCSA) is notifying carriers that a phishing email pretending to be from FMCSA is targeting fleets. The message requests that fleets complete forms attached to the email, which then ask for the user’s social security number and US DOT PIN.
None of this information is typically requested on FMCSA forms, and the organization warns fleets not to respond to these messages. Additionally, the message sometimes asks for a certificate of insurance and driver’s license to help protect the recipient from fraud and threatens that if fleets don’t respond within a day, they will be fined.
Read more: Global cyberthreats could target U.S. fleets
The message may appear to come from a few different email addresses, including [email protected], [email protected], [email protected] or [email protected]. The FMCSA does not own any of these addresses, and the email links go to @fmcsa-safety-fmcsa.com, a domain FMCSA does not own. FMCSA also does not fine carriers as part of the registration process.
If recipients provide this personal identifiable information, it could allow someone to access their FMCSA account. The organization recommends fleets refer to official FMCSA forms for the latest official documents, and would only ask for this information through someone’s portal account or come through a FMCSA dedicated mailbox, usually ending in .gov.
