Attention Contractors: Advisory Notice Regarding Suspected Phishing Emails

Fraudulent communications adopt many different forms and are the unauthorized actions of third parties. These messages, sometimes referred to as "phishing" or "spoofing", are becoming more common and may appear legitimate by incorporating logos, brands, colors, or other legal disclaimers. We take fraud and the protection seriously. We want to help make sure you don’t fall victim to phishing or other types of fraudulent activity whether it’s through email, text, phone, or social media.

The emails reported to the Department, by numerous business owners across the U.S., contain fraudulent Requests For Quotations (RFQ) where it appears that DOT is requesting pricing and delivery of commercial IT equipment (e.g. cell phones) to fictitious DOT facilities.  These fraudulent RFQs look somewhat official and utilize the DOT official emblem.  It also appears that the perpetrator is specifically targeting Small Businesses.

Any RFQ/Solicitation received via email from an apparent DOT source unknown to you or your company should immediately be verified for authenticity.

Here are some tips to keep in mind:

• The United States Department of Transportation will not request personal information, financial information, account numbers, IDs, passwords or copies of invoices in an unsolicited manner through email, mail, text, phone or fax, especially in exchange for the transportation of goods and services.
• If you receive a message that appears to be from USDOT that you believe is questionable or fraudulent, send a screenshot of the message or forward it to M61AcquisitionPolicy@dot.gov for investigation.  Or call the Department at (202) 366-4280 to confirm the validity of the communication.
• Learn more about how to avoid phishing scams in this article from the U.S. Federal Trade Commission: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams