High phishing alert: Fake FMCSA emails target operators

An email scam is targeting registered operators by posing as the Federal Motor Carrier Safety Administration (FMCSA), the federal agency has warned.

The fraudulent emails request recipients to complete an attached form and, in some cases, to provide a certificate of insurance and driver’s license. The email threatens fines for non-compliance within a day, a practice not endorsed by FMCSA.

The scam aims to collect personal identifiable information, potentially allowing unauthorized access to FMCSA accounts. The emails are convincingly formatted to appear official.

The emails appear to come from safety@fmcsa.gov or filing@fmcsa.gov, which are not legitimate FMCSA addresses. Replies to these emails are directed to @fmcsa-safety-fmcsa.com, another unauthorized domain. 

FMCSA
This is an example of a fake FMCSA email.

FMCSA advises that legitimate communications will direct users to log in to their portal account at FMCSA Login (dot.gov) or come from a dedicated FMCSA mailbox ending in “.gov.” Stakeholders are encouraged to verify suspicious emails with the appropriate agency. 

FMCSA processing time for registration forms

In response to inquiries about delays in processing registration-related paper forms, FMCSA said that the increased wait times are due to enhanced verification procedures to protect against fraud. The processing timeframe for paper forms that could be submitted electronically online has been extended to up to 30 days to allow for these additional checks. Complete, accurate, and compliant requests are expected to be processed more quickly. Transactions submitted online or required to be on paper will receive expedited processing.

For more information, visit FMCSA’s online guide: https://www.fmcsa.dot.gov/registration/registration-forms.

New version for MCS-150 series forms

FMCSA has updated the MCS-150 Series forms to include a new reason for filing and a question to capture non-commercial motor vehicle information. Previous versions of these forms will no longer be accepted. The updated forms are available on the registration forms page of the FMCSA website.

SAFER system updates

The Safety and Fitness Electronic Records (SAFER) System has been updated to clarify how information is displayed, particularly the USDOT number and operating authority (OA) statuses. The “NOT Authorized” message previously caused misunderstandings about USDOT status. The updated Company Snapshot now includes distinct fields for USDOT and OA status.

For more information, visit the related FAQ: https://www.fmcsa.dot.gov/registration/ask-fmcsa.

High phishing alert: fake safety audit

Another email scam is circulating, this time notifying recipients to schedule a safety audit. The email includes a link that appears to be a SAFER URL and mimics FMCSA’s MC-150 form but requests sensitive information such as PIN, EIN, and Social Security numbers. This information could allow unauthorized access to FMCSA accounts.

Legitimate safety audit communications will come from a dedicated FMCSA mailbox or the state entity assigned to conduct the audit, typically ending in “.gov.” Stakeholders are urged to verify any suspicious emails with the appropriate agency or contact their FMCSA Division Office directly. 

New requirements for updating FMCSA registration records

FMCSA has instituted requirements for updating a company’s registration record. Customers must now submit supporting evidence along with their registration forms. Specifically, for MCS-150/150B/150C, MCSA-5889, and OP-1 forms, a copy of the company officer’s driver’s license is required. Updates to company EIN must include a copy of the IRS EIN confirmation letter (Form SS-4). For updates to the company’s legal business name, a copy of the articles of incorporation or amendments from the secretary of state’s office is required. Forms can be downloaded from the FMCSA registration forms page. For additional assistance, the FMCSA support team is available.

Transition to Login.gov for FMCSA systems

In response to a presidential mandate for multi-factor authentication, the FMCSA has begun transitioning to Login.gov for all system access. As of Jan. 1, users need a Login.gov account to access the FMCSA portal and the Unified Registration System. Users should ensure their FMCSA portal email matches their Login.gov account. Assistance is available for any inquiries.

Fraud advisory and aggressive telemarketing

The FMCSA warns against fraudulent activities and aggressive telemarketing. Official FMCSA communications do not include telemarketing or requests for credit card information. Suspected fraud or identity theft should be reported via the Federal Trade Commission’s fraud reporting website. The FMCSA advises that while they display motor carrier contact information publicly, they do not endorse private businesses or vendors for financial responsibilities. Reports of misleading telemarketing should be made to the FTC.

FMCSA daily decisions on operating authority

The FMCSA has announced that daily decision letters regarding operating authority will now be publicly available the day they are generated. This change aims to prevent delays caused by waiting for hard-copy letters. These decisions can be accessed on the FMCSA registration homepage. The FMCSA emphasizes that the authoritative source for operating authority registration is the licensing and insurance system, not paper copies of certificates.

Share this post