How to Protect Your Trucking Fleet from Phishing Attacks?

Cybersecurity in Trucking: The Alarming Surge in Phishing Attacks

The trucking industry has seen a significant rise in phishing attacks aimed at stealing sensitive fleet data. According to a recent report by SlashNext Security, malicious emails have surged by a staggering 856% over the past year. The Federal Motor Carrier Safety Administration (FMCSA) confirmed that U.S. fleets were recently targeted in a widespread phishing attempt.

Generative AI has exacerbated the situation, making it easier for cybercriminals to execute these attacks. Since the introduction of advanced language models like ChatGPT, the volume of malicious emails has skyrocketed by 4,151%, as highlighted in the SlashNext report.

FMCSA’s Warning: A New Phishing Scam Targeting Fleets

Screenshot from the fake/imposter FMCSA email

Last week, FMCSA reached out to media outlets, urging them to alert registered entities about a new phishing scam circulating via email. The fraudulent email asks recipients to fill out an attached form requesting sensitive information such as a social security number and a USDOT PIN. Alarmingly, the email often threatens fines if the form is not completed within a day. FMCSA made it clear that they never request such details via email and advised against filling out any forms attached to these fake emails. 

Screenshot from the fake/imposter FMCSA email

The phishing email in question comes from email addresses that are not officially associated with FMCSA, including safety@fmcsa.gov, filing@fmcsa.gov, dotfilings@fmcsa.gov, and audit@fmcsa.gov. Those who respond to these emails with private information risk giving cybercriminals access to their official FMCSA accounts, further highlighting the critical need for comprehensive employee cybersecurity training and heightened awareness within the industry.

Business Email Compromise: The Primary Cyber Threat in Trucking

A significant portion of these malicious activities falls under the category of business email compromise, with fake FMCSA phishing emails being a prime example. Phishing scams, where attackers pose as legitimate organizations to deceive recipients, have become a leading form of cyberattack in the trucking sector. According to a report from the National Motor Freight Traffic Association, phishing is now one of the most prevalent cyber threats facing the industry. Cyberattacks on the trucking industry extend beyond phishing. The latest analysis from Upstream, a cybersecurity platform specializing in the automotive sector, reveals the top cyber threats to transportation IoT and mobility devices.

The different types of business email compromise threats, according to SlashNext.

Upstream’s analysis indicates that cyber risks in the transportation sector are rapidly evolving, with the application layer (API) and IoT cloud layer being the most targeted areas. The report emphasizes that the growing use of Mobility and Transportation IoT devices is creating a larger attack surface, making operational availability and data integrity increasingly vulnerable to sophisticated cyber threats.

Upstream's most recent analysis of transportation IoT and mobility cybercrime identified the industry's top threats.

The Importance of Cybersecurity Training and Risk Monitoring

Preventing cyberattacks starts with proactive measures like cybersecurity risk monitoring and comprehensive employee training. Mark Murrell, president of CarriersEdge, highlighted the importance of such training in an interview with FleetOwner. CarriersEdge, a web-based platform offering employee training courses, introduced a cybersecurity course last year to address the rising threat of cybercrime. For those who receive the phishing email mentioned earlier, the FMCSA offers the following advice: avoid clicking on suspicious links; instead, hover over them to check the actual email address or URL. Additionally, consult the Cybersecurity and Infrastructure Security Agency (CISA) for more information on how to spot online scams. The FMCSA also recommends following the Federal Trade Commission’s (FTC) procedures for email verification and filing a complaint with the FBI through its IC3 website. If further assistance is needed, contacting the FMCSA Contact Center at 1-800-832-5660 is advised.

Facebook
Twitter
LinkedIn
You might also like