On January 30, 2026, FMCSA issued a fraud alert warning the trucking industry about a phishing campaign targeting motor carriers. The emails impersonate U.S. Department of Transportation and FMCSA officials, and they are designed to steal sensitive business information or trick carriers into making illegal payments.

This is not the first time scammers have targeted the trucking industry with fake government communications, but FMCSA’s own alert described it as “a new, aggressive phishing campaign” and noted that the emails are more convincing than previous attempts. The fake messages contain professional-looking documents, legitimate-sounding language, and links that closely mimic real FMCSA web addresses.

If your office handles DOT correspondence, registration renewals, or compliance documentation, your team needs to know what to look for.

⚠️ Red Flags: How to Identify a Fake FMCSA Email

  1. The sender address does not end in .gov. Official FMCSA correspondence typically comes from a .gov email address. If the email comes from a domain like @fmcsadministration.com or @fmcsa-safety-fmcsa.com, it is not from FMCSA.
  2. The email asks for payment or sensitive information. FMCSA does not request SSNs, bank account details, credit card numbers, EINs, PINs, or UCR fees through unsolicited emails or phone calls.
  3. Links point to non-.gov domains. Hover over any link before clicking. Phishing links often lead to addresses like fmcsa.web.saferwebdattaconnect.pro instead of fmcsa.dot.gov.
  4. The email demands immediate action under threat of fines. FMCSA does not initiate contact that demands immediate submission of payments or documents. Routine updates and renewals are user-initiated through official portals.
  5. The email asks you to fill out attached forms. Legitimate FMCSA communications direct you to log into your portal account, not to fill out and return attached PDF forms with personal or financial information.

1

What FMCSA Described

According to the January 30 alert, the phishing campaign involves emails that falsely claim to come from USDOT or FMCSA officials. The emails contain professional-looking documents and links that are designed to appear legitimate but redirect to fake websites.

FMCSA specifically noted that links in the phishing emails typically lead to suspicious, non-.gov domains. The agency cited one example domain: fmcsa.web.saferwebdattaconnect.pro. This kind of domain is crafted to look official at a glance but does not belong to any government agency.

The agency stressed several points in its alert:

  • FMCSA correspondence almost always uses an email address ending in .gov
  • The agency never requests Social Security numbers, bank account details, or credit card information through unsolicited emails or phone calls
  • FMCSA never initiates contact that demands immediate submission of payments or sensitive information
  • All routine updates and renewals are user-initiated through official FMCSA websites or portals

📌 Official FMCSA Contact Channels: If you receive a suspicious email claiming to be from FMCSA or USDOT, verify through official channels. FMCSA Contact Center: ask.fmcsa.dot.gov/app/ticket or call 1-800-832-5660. Official website: www.fmcsa.dot.gov.

2

Known Phishing Tactics Targeting Carriers

FMCSA maintains a Fraud Alerts page that documents multiple phishing patterns targeting the trucking industry. Based on reported schemes, these are the most common tactics:

Fake Compliance Notices

Scammers send emails that appear to be FMCSA compliance notices requiring immediate document submission. These emails typically demand a certificate of insurance, an IRS-issued EIN verification letter, a certificate of organization, and copies of the carrier’s driver’s license. The emails often threaten fines if the carrier does not respond within a day.

One documented example used the sender address admin@fmcsadministration.com, which has no connection to the actual Federal Motor Carrier Safety Administration.

Fraudulent Registration Emails

Carriers have reported receiving emails from addresses like safety@fmcsa.gov and filing@fmcsa.gov. While these addresses appear to end in .gov, FMCSA has confirmed they are not legitimate addresses used by the agency. Scammers can spoof the display address that appears in your inbox, but the underlying sending domain and reply-to address reveal the deception. If a carrier replies, the response actually goes to a non-.gov domain like @fmcsa-safety-fmcsa.com, which is not owned or operated by FMCSA.

These emails typically ask for SSN and USDOT PIN information, which would give the scammer access to the carrier’s FMCSA registration account.

Fake SAP Outreach

Some scammers impersonate substance abuse professionals and contact drivers directly, claiming they can help resolve open Clearinghouse violations. They attempt to collect the driver’s full name, CDL number, and date of birth. A legitimate SAP would never solicit a driver through unsolicited contact, and the return-to-duty process is always initiated through proper employer and SAP channels.

Payment Verification Scams

Another pattern involves emails that ask carriers to verify a payment and fuel system linked to their motor carrier or DOT number. The emails direct the recipient to click fake links that lead to data-harvesting pages designed to capture login credentials or financial information.

3

Why Trucking Is a Target

Motor carrier contact information, including business name, address, and phone number, is publicly available through FMCSA’s registration databases. Under the government’s Open Data Policy, this information is displayed for all registered carriers and new applicants. That means scammers do not need to breach any system to get the names and addresses they use in phishing emails. They simply pull from public registration data.

This also explains why newly registered carriers often report receiving suspicious emails almost immediately after filing their application. Scammers monitor public registration data and target new operators who may be unfamiliar with FMCSA’s actual communication practices.

4

What To Do If You Receive a Suspicious Email

📌 Step-by-Step Response: Follow these steps if you receive an email that appears to come from FMCSA or USDOT but seems suspicious.

1. Do not click any links or open any attachments. Attachments from unknown senders may contain malicious files.

2. Do not reply to the sender. Replying confirms that your email address is active and may lead to more targeted phishing attempts.

3. Hover over any links to check the actual URL. If the URL does not end in .gov (specifically fmcsa.dot.gov or a related USDOT domain), it is not an official FMCSA link.

4. Report the email to the FBI. File a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

5. Report to FMCSA. Contact the FMCSA Contact Center at ask.fmcsa.dot.gov/app/ticket or call 1-800-832-5660.

6. Report to the FTC. Visit the Federal Trade Commission at consumer.ftc.gov for additional guidance on phishing and email verification.

7. Alert your team. If one person in your office received the email, others may have received it too. Share the warning internally so no one else responds.

5

Protecting Your Operation

Beyond reacting to individual phishing emails, carriers can take proactive steps to reduce their exposure:

Train your office staff. Make sure anyone who handles DOT correspondence knows that FMCSA does not request sensitive information by email and that all legitimate FMCSA business is conducted through .gov portals. A five-minute conversation with your team about what real FMCSA emails look like can prevent a costly mistake.

Verify before you act. If you receive an email that seems like it could be legitimate but feels unusual, call FMCSA directly at 1-800-832-5660 before responding. Do not use any phone number or link provided in the suspicious email itself.

Bookmark official portals. Access FMCSA services through bookmarked URLs rather than clicking links in emails. The official login portal is at portal.fmcsa.dot.gov.

Secure your FMCSA account credentials. If you suspect your USDOT PIN or portal login may have been compromised, change your credentials immediately through the official portal and contact FMCSA.

6

Frequently Asked Questions

Does FMCSA ever send emails that don’t end in .gov?

In limited circumstances, yes. FMCSA has stated that customer satisfaction surveys following Contact Center interactions may come from a non-.gov address. However, these surveys request feedback only and never ask for personal, payment, or account information. If an email from a non-.gov address asks for anything beyond feedback, it is not from FMCSA.

What information does FMCSA never request by email?

FMCSA does not request Social Security numbers, bank account details, credit card information, UCR fees, PINs, or EINs through unsolicited emails or phone calls. If sensitive information is needed, FMCSA directs you to initiate the process through official phone numbers or web portals.

Can scammers spoof a .gov email address?

It is technically possible for scammers to make an email appear to come from a .gov address. FMCSA has documented cases where fake emails appeared to come from addresses like safety@fmcsa.gov, which are not real FMCSA mailboxes. If the email asks for sensitive information or directs you to a non-.gov website, treat it as suspicious regardless of the sender address.

I already responded to a suspicious email. What should I do?

If you provided sensitive information, change your FMCSA portal credentials immediately. Contact FMCSA at 1-800-832-5660 to report the incident. File a complaint with the FBI’s IC3 at www.ic3.gov. If you provided financial information, contact your bank or financial institution. Monitor your FMCSA account and USDOT registration for unauthorized changes.

Are new carriers targeted more frequently?

According to FMCSA, newly registered carriers sometimes report receiving suspicious emails shortly after filing their application. This is because motor carrier contact information is publicly available through FMCSA’s registration system under the Open Data Policy. Scammers can access this information without breaching any government system.

How OneWayBIT Helps You Stay Ahead

OneWayBIT’s compliance guides cover the federal and state requirements carriers need to know, including registration, credential verification, and enforcement standards. For related coverage, see California’s 13,000 CDL Cancellations and Clearinghouse 2026: Tighter Deadlines and Enforcement. Bookmark our News & Insights page for alerts on scams, enforcement actions, and regulatory changes that affect your operation.

Related State Guides

Document History
PublishedMarch 11, 2026
Last ReviewedMarch 11, 2026
CoverageOngoing
Prepared byOneWayBIT Editorial Team
Reviewed for accuracy and regulatory sourcing
Primary Sources

Stay Ahead of Your Next Inspection

OneWayBIT tracks inspection deadlines, sends reminders before due dates, and keeps 3 years of records organized the way auditors expect. When it’s time for DOT, you pull the file in seconds.

See How It Works

Disclaimer: This article provides general information about federal trucking regulations and industry news as of March 11, 2026. Regulatory requirements are subject to change. This content is for informational purposes only and does not constitute legal, regulatory, or compliance advice. Readers should independently verify all requirements with the FMCSA, their state DOT, or qualified legal and compliance professionals before making business decisions. OneWayBIT is not responsible for actions taken based on this information.