Acer Transport small fleet owner Rudy Yakym Jr. forwarded an email my way recently with just a short note added:
This looks like a phishing expedition to me. Your thoughts?
As with other email-phishing hack attempts we've seen in recent months, the email was crafted to appear as if sent from the Federal Motor Carrier Safety Administration. As Yakym put it in conversation later: "It looks so official," and for just a moment he was convinced. Yet having his wits about him for these kinds of things, he noticed a sent-from email with the @FMCSA.gov domain, not the typical FMCSA domain (FMCSA.DOT.gov). A closer look revealed then a reply-to address at a safety-fmcsa.com domain, most definitely not affiliated with the actual agency.
The message to recipients in this latest example of hackers' phishing attempts might be the most interesting thing about it, though. A clear attempt at carrier identity theft here, the would-be thieves begin their message with an appeal to your zeal to fight fraud!
To ensure compliance and protect your information from potential fraud, we kindly request that you complete the provided form.
FMCSA's plans to clean up its registration system, in part to deter bad actors just like these hackers, are no secret, of course. Seems the fraudsters are paying attention to the news, too.
[Related: With registration-overhaul push, does FMCSA have a sole-proprietor problem]
Attached to the phishing email was a pdf form that looks like the official MCSA-5889 form for changing a motor carrier's record, yet it's been altered slightly, according to FMCSA's Cicely Waters, to ask for a "customer to provide their Social Security Number and USDOT Personal Identification Number. FMCSA would not request this information on a form."
Following through on the hackers' directions would well give them the keys to your kingdom. With the next bit of information requested in the message that owner-operator Yakym received, they'd have an easy route toward pretending to be you on load boards and hoodwinking brokers and/or brokerage platforms out of freight and/or load payments, depending on the scheme. It's possible they could even change your business profile information with FMCSA to their own. Here's what the email also asks for:
Additionally, please reply to this email with both your Certificate of Insurance and Driver's License for verification purposes to confirm your association with the organization.
If you fell for this scam, or have seen variations on it, take action -- the FMCSA registration office published the alert at this link about the phishers. It's a good idea to check your login to FMCSA's system and all information there for tampering.
[Related: Safeguard your business' Certificate of Insurance to avoid becoming ID theft victim]
Find more information on spotting would-be business identity thieves in Chapters 8 ("Managing money") and 18 ("Going independent") of the updated Overdrive/ATBS-coproduced "Partners in Business" book for new and established owner-operators, a comprehensive guide to running a small trucking business sponsored for 2024 by the Rush Truck Centers dealer network. Follow this link to download the most recent edition of Partners in Business free of charge.
- Such communications from FMCSA would either request carriers to log in to their portal account or come directly from an FMCSA-dedicated mailbox.
- Emails to registered entities typically do end in a .gov extension, yet the agency encourages verification of any email or communication that seems suspicious.
- The Federal Trade Commission (FTC) recommends these procedures for email verification.
- The FMCSA's Office of Registration can be contacted directly through the methods noted on the page at this link.
[Related: 'Fake safety audit' phishing emails keep pouring in]
Hotshot hauling toward retirement?
I hadn't talked to Indiana-headquartered small fleet owner Yakym in quite some time. With his son now in Congress and himself in his early 70s, he said, he's been slowing down, to an extent, with his own trucking. At once, the Acer Transport fleet's grown in recent times to three company trucks and three owner-operators leased on.
He shared this picture of a 2022 Ram 5500 straight flatbed he bought new and outfitted to kill two birds with one stone, as it were, hauling and vacationing, RV-style.
"We just took a load to Anchorage [Alaska] and back," Yakym said, on a nearly 4-week run. It was the maiden voyage with the "sleeper" you see situated on the truck's flatbed. The 30-foot aluminum trailer then pulled behind was loaded with a boat and a mint-condition 1973 BMW motorcycle for "a paid vacation," as it were.
How's that for a hotshot?
He picked up another vehicle for the return trip, banking more revenue.
Yakym noted he just recently "hired a general manager to run the show" at Acer, and he's slowly working his way toward a "semi-retired, quasi-RV lifestyle," he said. The run to Alaska was the camper-outfitted flatbed's maiden voyage, and it turned out that camper was just a bit "too cloistered and confining for my wife and I."
Other plans are in the works for the Ram 5500, so keep tuned.
