Recently one of our MMTA members received an email, purporting to be from FMCSA and requesting information regarding a NEW ENTRANT safety audit.  The only two clues that the email was not legit is that it came from a .com email and that the member in question was not a new entrant.  The member in this case did a great job in recognizing the phishing email and we verified the fake with FMCSA.

FMCSA has this ALERT published on their website in the Registrations link:

High Phishing Alert: Fake Safety Audit

An email is being sent to registered entities by someone pretending to be FMCSA and notifying you need to schedule a safety audit. The link to request the safety audit has what appears to be a SAFER URL and mirrors FMCSA’s MCS-150, but includes fields to enter a PIN #, EIN #, and Social Security Number. Not only is some of this information Personal Identifiable information (PII), but this information would also allow the unauthorized party to gain access to your FMCSA account. The email containing the link is also very convincing this is coming from FMCSA.

Communications relating to safety audits will typically come directly from an FMCSA dedicated mailbox, or from the entity within the State that has been assigned the responsibility to conduct the safety audit. While these emails typically end in a “.gov”, we encourage our stakeholders and customers to verify any email or communication they feel to be suspicious with the appropriate agency or contact your FMCSA Division Office directly to clarify. The Federal Trade Commission (FTC) recommends following certain procedures for email verification.