This put up is a part of a collection sponsored by IAT Insurance coverage Group.
The Federal Motor Provider Security Administration (FMCSA) has issued a warning a couple of subtle phishing rip-off concentrating on motor carriers. Fraudulent emails, posing as official communications from the FMCSA are being despatched to registered entities with the intent of extracting delicate data.
These emails are designed to seem respectable, full with the FMCSA brand and formatting that intently mimics real correspondence. Nonetheless, the content material and knowledge requested are clear crimson flags for these within the know.
Instance of phishing e-mail
Rip-off particulars
The phishing emails in query ask carriers to finish an connected registration type. This manner goes past the same old requests, asking for private particulars such because the service’s social safety quantity, USDOT private identification quantity and RMIS ID. In some instances, carriers are even requested to add copies of their certificates of insurance coverage and driver’s license, below the ironic pretense of “fraud safety.”
Don’t full this way!
Recognizing the crimson flags
The FMCSA has emphasised they might by no means request such delicate data through e-mail varieties. Official communications from the FMCSA regarding data requests will both direct you to log in to your portal account or will come straight from an FMCSA-dedicated mailbox. Furthermore, any respectable e-mail from the FMCSA will come from an official FMCSA e-mail handle and never from the doubtful addresses presently getting used for these fraudulent requests: security@fmcsa.gov or submitting@fmcsa.gov.
Additionally, use the official FMCSA web site for biennial updates. Transportation firms should replace their data each two years, based mostly on the final digit of their DOT quantity. In the event you make any modifications to your fleet dimension, whether or not it grows or shrinks, replace your MCS-150 on the FMCSA web site. Solely obtain and fill out varieties from the official .gov web site. Failure to take action will affect your CSA scores and make you non-compliant.
It’s essential to stay vigilant and confirm any suspicious e-mail seemingly from the FMCSA or different company. In the event you obtain an e-mail demanding private particulars or threatening to cancel your USDOT quantity inside 24 hours when you don’t comply, it’s a rip-off. The FMCSA and different U.S. companies don’t function on this method.
5 tricks to defend your self from phishing scams
Listed below are 5 finest practices to guard your self and your online business from falling sufferer to a phishing rip-off:
- Confirm the e-mail supply. At all times verify the sender’s true e-mail handle by hovering your cursor over it to disclose the complete handle. This follow will show you how to establish the e-mail supply and decide if it’s respectable.
- Keep away from clicking on suspicious hyperlinks or downloading attachments. Likewise, if an e-mail accommodates hyperlinks, hover over them to see the place they lead earlier than clicking. If the URL seems suspicious, do NOT click on it.
- Watch out for urgency. Phishing emails usually create a way of urgency to immediate fast motion. Be cautious of any e-mail that threatens drastic motion if you don’t reply inside a brief timeframe.
- Don’t share private data by e-mail. By no means present private or delicate data through unsecured e-mail communications. Bear in mind, official companies just like the FMCSA won’t ever request account numbers, passwords, Social Safety numbers, USDOT PIN, bank card particulars, copies of invoices or different private data through e-mail varieties or an unsolicited textual content, cellphone name or fax. In the event you obtain such a request, it’s a rip-off.
- Report suspicious emails. In the event you obtain a suspicious e-mail, instantly report it to the FMCSA or your IT division. This helps stop others from falling sufferer to the identical rip-off.
Why now? New login necessities from the FMCSA website create confusion
In response to a presidential mandate for multi-factor authentication, the FMCSA started transitioning to Login.gov in 2024 to boost on-line security and safety. This transition requires all customers with credentials for any FMCSA system to make use of a Login.gov account to entry FMCSA programs as an alternative of utilizing their DOT PIN.
As of January 1, www.login.gov is the only methodology for accessing the FMCSA portal and the Unified Registration System; nonetheless, throughout this era of transition, the phishing rip-off is profiting from carriers who could be confused by the brand new system.
To log in, you have to now use the federal portal through Login.gov. The FMCSA PIN is not legitimate for accessing the system. Ensure that to request a brand new login from Login.gov, choose who will likely be chargeable for the login, and make sure you full the verification course of by hitting the “GO” button or the “SMS” button, relying on the system you might be accessing.
ASK A LOSS CONTROL REPRESENTATIVE
Have a query on the best way to mitigate danger? E-mail losscontroldirect@iatinsurance.com for an opportunity to see your query answered in a future weblog.
By Nancy Ross-Anderson
Subjects
Trucking
Concerned about Trucking?
Get computerized alerts for this subject.
