FMCSA & USDOT Identity Fraud Alert
BMC-84 or BMC-85: What is Needed for Freight Brokers?
July 17, 2024FMCSA & USDOT Identity Fraud Alert
Freight fraud is a growing menace in the logistics industry, costing businesses millions and disrupting supply chains worldwide. Whether it’s through elaborate scams like phishing emails or identity theft, fraudsters are becoming increasingly sophisticated in their methods. This article sheds light upon the latest in a never-ending barrage of attacks from criminals trying to steal your money.
Keep scrolling to know the latest potential threats to your business.
FMCSA High Alert – New Phishing Fake Email
Dear [Authorized Entities],
The Federal Motor Carrier Safety Administration (FMCSA) requests your assistance in amplifying this important message regarding a new phishing fake email.
The agency is aware that an email is being sent to registered entities by a party pretending to be FMCSA and requesting that carriers complete forms attached to the email. Those forms ask for a social security number and USDOT PIN. FMCSA does not require such information on official FMCSA forms . Carriers should NOT fill out forms attached to the fake email, and always refer to the official FMCSA forms for the latest and official documents. In some cases, the phishing attempt also asks for a certificate of insurance and driver’s license to help protect the recipient against fraud. There is also a threat that if the recipient does not respond within a day, the individual will be fined, which is also not an FMCSA practice as part of the registration process.
The fake email originates from either safety@fmcsa.gov, filing@fmcsa.gov, dotfilings@fmcsa.gov or audit@fmcsa.gov , none of which are legitimate email addresses and are NOT used or owned by FMCSA. Next, if the recipient replies to the email, their message actually goes to @fmcsa-safety-fmcsa.com, which is also NOT a domain owned or used by FMCSA. Not only is some of this information Personal Identifiable information (PII), but this information would also allow the unauthorized party to gain access to the recipient’s FMCSA account. The fake email containing the phishing link appears very convincing that the correspondence is from FMCSA. Screenshots of the fake email can be found on FMCSA’s website .
Communications from FMCSA relating to information requests of this type would either request individuals to log into their portal account at FMCSA Login (dot.gov) , or the email would come directly from an FMCSA dedicated mailbox. While these emails typically end in “.gov ”, we encourage our stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency.
Here’s What Individuals Can Do:
- Do not click any suspicious links, hover over them to see the real email address of url of that link.
- Click only on links you deem trustworthy.
- Visit the Cybersecurity & Infrastructure Security Agency for more guidance on online deceiving tactics.
- Learn more about phishing.
- The Federal Trade Commission (FTC) recommends following certain procedures for email verification.
- File a complaint with the Federal Bureau of Investigations (FBI) by using their IC3 site.
- Reach out to the FMCSA Contact Center or call (1-800-832-5660) if you are the target of these practices.
Thank you,
Cicely L. Waters Director,
Office of Communications
Federal Motor Carrier Safety Administration
U.S. Department of Transportation
Here is a blow up of the phishing email insert the FMCSA refers to:
As you can see from the phishing email, these criminals are attempting to obtain your certificate of insurance and a copy of your driver’s license. They use your driver’s license to obtain a new PIN number on your FMCSA portal; then they change your phone number and email address on the portal to redirect load inquiries to them.
In addition to the alert from the FMCSA, the Department of Transportation acknowledged that there are recent threats personally attacking new entrants. This problem has surfaced in a fake New Entrant Safety Audit email purportedly from the FMCSA. These fraudsters are also after the new entrant’s DOT or FMCSA portal PIN numbers.
An example of one of the new entrants phishing emails is below:
Protect Your Business Against Freight Fraud
Freight fraud poses serious risks to the logistics industry. Protecting your business requires vigilance and effective strategies. At PFA we’re here to support you. In addition to the steps laid out by the FMCSA, we at PFA suggest two other procedures to fight the barrage of fraud in the industry:
- Check your personal information on the FMCSA website weekly. We have seen several instances of customers not knowing their personal information was changed after claims started coming in on their MC numbers. Some of them indicated they did not respond to any phishing email.
- Do your due diligence on the new brokers or carriers you’re doing business with on the internet. Make sure you are following proper on-boarding procedures. Check the phone numbers or addresses you received from the phone or internet communication with the potential customer on the FMCSA portal. Google the company to make sure the phone number and email address matches that on their website. Get an account with Carrier 411 or similar watchdog agency to check for fraudulent activity.
If you’ve been affected by freight fraud, contact us immediately for expert help in recovering and preventing further damage. We can walk you through the steps you need to take, including but not limited to, contacting the load boards and the FMCSA to indicate you’ve been a victim of fraud. Let us help you safeguard your business.