There has been an 856% increase in malicious emails sent within the past year, according to a report by SlashNext Security, and U.S. fleets were the target of a recent nationwide phishing attempt, according to the Federal Motor Carrier Safety Administration.
Generative AI has only made it easier for perpetrators to perform these attacks. Since the launch of ChatGPT and other advanced language models, malicious emails have increased by 4,151%, the SlashNext report noted.
FMCSA emailed media outlets last week to request help in informing registered entities about a “new phishing fake email.”
The email asks recipients to complete an attached form requesting a social security number and a USDOT PIN. In some cases, the email also includes a threat that the recipient will be fined if they do not respond within one day, FMCSA stated.
“FMCSA does not require such information on official FMCSA forms. Carriers should NOT fill out forms attached to the fake email, and always refer to the official FMCSA forms for the latest and official documents,” the letter stated.
This phishing email originates from the following accounts, which are not official FMCSA accounts: [email protected], [email protected], [email protected], or [email protected].
Recipients who respond to the email with private information could give cybercriminals access to their official FMCSA accounts.
This instance highlights the growing need for adequate employee cyber training and awareness.
See also: Trucking’s two biggest cybersecurity threats today
The increase in cyber risks
The vast majority of these malicious scams are identified as business email compromises, such as fake phishing FMCSA emails.
Phishing is a type of scam “in which attackers pretend to be from a reputable or legitimate organization through an email or other messaging system,” FleetOwner previously reported. Moreover, it’s becoming one of the most prominent forms of cyberattacks in trucking today, stated a report from the National Motor Freight Traffic Association.
But attacks on the trucking industry don’t stop there.
Upstream, a cybersecurity platform focused on the automotive industry, recently released a new analysis of cyber risks related to transportation IoT devices and mobility. The results conclude that the risks are “rapidly evolving,” with the application layer—or API—and the IoT cloud layer as the most targeted for cybercrime, according to the analysis.
“The surging use of Mobility and Transportation IoT devices presents a growing attack surface for increasingly complex and sophisticated cyber risks, putting operational availability and data integrity at risk,” the report stated.
See also: Mobility cybersecurity company leverages AI to mitigate cyberattacks
How to prevent cyberattacks
One of the best ways to prevent a cyberattack is to work to avoid it through safeguards, such as cybersecurity risk monitoring and employee training, which is the most effective, Mark Murrell, president of CarriersEdge, told FleetOwner back in the spring.
CarriersEdge is a web-based platform that houses employee training courses. The company deployed a cybersecurity training course within the last year to combat the rise in cybercrime. This course is available to all trucking company employees, from office personnel to drivers, to help them learn “what to watch for so they don’t fall victim,” Murrell said.
While cybercriminals are becoming more advanced through AI, training employees on identifying suspicious emails can go a long way in protecting the company.
See also: Protect your fleet from cyber risks
For individuals who have received the email cited above, FMCSA advises:
- Do not click on any suspicious links and instead, “hover over them to see the real email address or URL of that link.”
- Consult the Cybersecurity and Infrastructure Security Agency for more information about “online deceiving tactics.”
- Follow the procedures outlined by the Federal Trade Commission for email verification. File a complaint with the FBI on its IC3 site.
- Contact the FMCSA Contact Center by calling 1-800-832-5660.
