According to a report published by an email security provider last month, there has been a 175 percent year-over-year increase in transportation industry phishing scams in the last year. Transportation has become an attractive target for phishing scams because the industry’s daily operations involve numerous vendors, suppliers, contractors, transactions, partners and communication points.
Phishing scams and phishing emails attempt to steal data, personal information, money, passwords, bank information, credit card numbers and personal identities. The criminals initiating phishing scams pretend to be legitimate companies or contacts. They send email messages that include links to a phishing website that may appear to be a legitimate website designed to steal information from you or your staff.
In this blog, you’ll learn about the most common types of phishing scams in the trucking industry, as well as best practices for detecting phishing emails. We’ll also explore the best course of action when you do receive a phishing email and what to do if you’ve fallen for a scam or clicked on a phishing link.
6 Types of Phishing Scams
Scammers may target your trucking business by sending you and your staff members email and text messages to try to trick you into divulging your passwords, account numbers and other sensitive information. Once they get that information, scammers can access your email, bank, and other accounts or they may sell your information to other criminals.
Here are six phishing scams that are common in the trucking industry.
Suspicious Activity Phishing Scams
Scammers often send phishing emails that falsely report suspicious activity or log-in attempts to one of your accounts.
Account/Payment Problem
Another common type of phishing email claims there is a problem with one of your accounts or payments, even when there isn’t.
Confirmation of Personal/Financial Information
Scammers also will send fake emails asking you to confirm personal information about yourself or financial information about your company in the hope that you’ll log onto their fake website and reveal this information.
Fake Invoices
Another common phishing scam is to send businesses fake invoices via email, claiming payment is overdue.
Request for Payment
Other phishing emails may want you to click a link to make a payment, but the link is fake and includes malware designed to steal your payment information.
Free Stuff/Coupons
Other types of phishing emails may falsely proclaim that you’re eligible for a refund from the government or offer coupons for free merchandise. Needless to say, these offers are fake.
How To Detect Phishing Emails: 7 Tips for Truckers
Spotting phishing emails can be challenging, as these messages are written and designed to appear legitimate. Fortunately, there are some tell-tale signs that you may be dealing with a scammer trying to phish your business. Check out these seven tips on how to detect phishing emails:
Generic Greetings/Messages From Free Email Accounts
Receiving an email addressed to “To whom it may concern” or “Dear Sir/Madam” often indicates you’re dealing with phishing scams. Any legit business or contact likely will address you or your business with a specific name. Another red flag is receiving messages from accounts ending in gmail.com, yahoo.com or other free, public email domains.
Threats/Urgency
Another tell-tale sign you may be dealing with transportation industry phishing scams? The email message claims you must contact the sender, click on the link or open the attachment immediately to avoid penalties or fines. Scammers create a false sense of urgency to trick you into revealing information about yourself/business.
First-Time or External Senders
Any time that you receive an email from someone for the first time or a message from an external email address, you should pause before clicking any included links or opening attachments.
Poor Grammar and Spelling
Does the email or text message include spelling errors and poor grammar? If so, it may be a scam. Spelling and grammar errors also may indicate that the scammer is using a translation software and is located outside the United States.
Mismatched Email Domains
Other phishing attack signs include mismatched email domains. If, for example, the email sender claims to be from Adobe or Microsoft, the sending email address should end with Adobe.com or Microsoft.com or a known, verifiable domain related to those brands. Scammers also may send phishing emails from accounts with the well-known company’s name misspelled in the email address.
Suspicious Attachments/Links
Any time that you suspect that a link or attachment in an email is suspicious, avoid clicking on it! When in doubt, hover your cursor over the URL or attachment to see the destination URL or name of the attachment. Doing so can help you determine if the message is real or a phishing scam.
Requests for Logins, Payment Information
Other phishing email red flags include requests for payment information, user names/passwords or other sensitive information. Scammers often can create fake log-in web pages that appear to be real. Their goal is to trick you into entering your user name, password and/or payment information on their fake websites.
Best Practices When You Receive Phishing Emails
Now that you know how to identify potential phishing scams and messages, you likely want to know what to do when you or your team receives a suspected phishing email.
If you know the company or person associated with the email or text message, contact the person or company using a phone number or email address that you know is real. You may need to go to the company’s website to get this information. Do not use the contact information presented in the email or message, as it may be false.
If you don’t have an existing account with the company or you don’t know the person who sent the message, be sure to review our lists above of the most common types of phishing emails and ways to detect them. If you see signs that the message might be a phishing scam, report it to the Anti-Phishing Work Group (email: [email protected], text: SPAM/7726). You can also report the phishing attempt to the Federal Trade Commission via ReportFraud.FTC.gov. You have the option to report a message as spam or phishing in Microsoft Outlook and Teams, web browsers and other software programs, too. It’s important to report known or suspected phishing to your security/IT department as well.
What To Do When You’ve Fallen for Phishing Emails
In the event that you’ve clicked on a suspicious link or opened a phishing scam attachment, there are a few things you can do to mitigate the damage done. First, take screenshots of the email and website, noting any information you may have inadvertently shared. Also, change passwords on all impacted accounts, be sure to create new passwords that are strong and require multi-factor authentication on your accounts.
If you’ve shared financial information through the phishing scam, you’ll want to notify your bank or credit card company so that they will monitor suspicious activity on your account. It’s also a good idea to update your computer’s security software and run a thorough scan for malware as soon as possible. Finally, if you’ve lost money or had your identify stolen through a phishing scam, you’ll want to contact the police and provide as many details as you can.