Phishing emails claiming to be a ‘fake Safety Audit’: How to spot them

https://img.overdriveonline.com/files/base/randallreilly/all/image/2024/06/WSTA_mockup_of_SCAM_email.6669c22f32801.png?auto=format,compress&fit=max&q=70&w=1200

Owner-operator Wayne Bruene alerted Western States Trucking Association about what is clearly a phishing message making the rounds. It is a follow-up to a phone conversation that was had with a Federal Motor Carrier Safety Administration (FMCSA) auditor about an “Entrant Safety audit.”

There is one problem: owner-operator Bruene, who lives in California, is not a newEntrant. He has been running his own business since 2013, when WSTA filed the original authority and he lived in California. Bruene reacted to the email by saying, “I thought it was very fishy” or phishy. “I don’t recall a phone conversation in January,” Bruene said, referring to the email. This is likely what the scammer intended, as six months may be just enough time to make a reader wonder if they have indeed spoken with an auditor or if they simply missed something.

The message continued to indicate urgency in its request. It gave Bruene a deadline of only a few days to provide documents, including a drivers license, annual vehicle inspection reports and more.

WSTA Government Relations Director Joe Rajkovacz noted that the message is mocked-up to resemble what the agency sends to newly registered motor carrier with respect to the required New Entrant Audits and might even fool some.

WSTA's mockup of the scam email Rajkovacz sent this mockup in an email.
The final words at the bottom of the image are not visible in the image above.

The submission of all documents required by your operation could negate the need for an onsite Entrant Safety audit at your place-of-business and reduce the time required to complete the Audit process.

We will let you know if there are any additional requirements after reviewing the documentation. If you fail to provide the documentation required to perform the safety auditor, as per 49 CFR 385.337 (b), your registration as an Entrant could be revoked.

The “GET STARTED”, all-caps hyperlink takes you to a page containing a “completely blank” form, which Bruene claimed was part of FMCSA’s virtual universe. The form asked the user to enter their entire carrier profile.

FMCSA warned in February that having all the information requested would allow an unauthorized party access to your FMCSA accounts. The agency noted at the time. Overdrive wrote at the time that with such access, crooks could get “the keys to the kingdom” so to speak and change information to impersonate other entities and carriers in fraudulent freight transactions, like those alleged in an indictment handed to a Chicago-area man within the past week.

In its February registration alert FMCSA reminded active carriers that official audit communications “typically” come from an FMCSA-dedicated mailbox or from the entity in the State that is responsible for conducting the safety audit. Unlike the email Bruene got, such emails usually end with a .govextension. The agency also encouraged “stakeholders or customers to verify any communication or email they feel is suspicious with the appropriate agencies or contact your FMCSA Division Office to clarify.”

The FMCSA Public Affairs acknowledged the email Bruene had received but did not respond to this story in time.

The owner-operator was fortunate to have been able to recognize the phishing scam. “I remember all the stuff we got when we first started out,” he said about the flood of solicitations, emails and other emails – some scammy – he and his spouse received after obtaining their authority initially, a decade ago. “We would receive phone calls, emails, and other mail,” he said.

Bruene summarized his thinking in this way: “I should send this to Joe and see if it’s on the right track.”

Wayne Bruene's Volvo, 2014 model

This 2014 Volvo is owned by Bruene, who has been driving his second truck for 10 years.

He’s glad that he moved to his authority despite the headaches. He was a company driver in the past, and his employer told him at that time “I’ll be back here in six month” when he moved.

He said that Bruene had the last laugh. “He’s out-of-business” today, not me.

[ Related to: FMCSA issues active phishing alert FMCSA issues “fake safety auditor” active phishing alert ]

<<<- Go Back