Building a Strong Cybersecurity Defense Against Phishing and Smishing

The freight industry has increasingly become a target for cybercriminals looking to steal carriers’ identities, pay, and even cargo. Scammers are getting craftier and attacks are becoming more common. This is costing businesses millions of dollars, not just in wasted time, but also in lost revenue.

Bad actors are constantly developing new tricks, using phishing, smashing, and quishing, making it harder even for the best security systems to stop them. And falling victim can result in financial loss, data breaches, and operational disruptions. As these scams get extremely good at looking like “the real thing” and become difficult to identify, it’s critical to educate yourself. Being able to consistently detect phishing emails in your inbox, smishing texts on your smartphone, and quishing QR codes that seem legitimate is key to protecting you and your business.

What are common cyber scams?

Phishing

Phishing is a scam where cybercriminals try to steal your sensitive information, like account numbers or passwords. They do this by sending fake emails or creating fake websites that look like they’re from a legitimate company or someone you trust. Once they have your information, they can use it to hack into your accounts and intercept or redirect funds or payments, leaving you holding the bag and cleaning up a financial mess.

In phishing emails, the cybercriminal might ask for the following:

• Date of birth
• Social Security number
• Phone number
• Home address
• Credit card details
• Log in details
• Passwords or other information to reset a password

The information can be used to impersonate you, allowing scammers to apply for credit cards, or loans, open a bank account, or commit other cybercrime.

Phishing happens when a victim acts on a fraudulent email that requires urgent action and/or asks you to do something, including:

• Click an attachment.
• Update a password.
• Respond to a contact request via social media.
• Connect to a new Wi-Fi hotspot.

Smishing

Smishing is a cyber attack that uses deceptive mobile text messages to trick people into downloading malware, sharing sensitive personal information, or sending money—all with the intent to steal from you. Just like email-based phishing attacks, these messages appear to be from trusted sources, and they create a sense of urgency, curiosity, or fear to manipulate users into taking an undesired action.

An example of smishing might be a text message alerting you of a suspicious transaction, urging you to take some sort of action like verifying your account.

Other common tactics include:

• Tech support scams – Users get a message warning them about a problem with their device or account requesting they contact a tech support number. Calling this number can lead to charges, or the “technician” might request remote access to the device, leading to data theft.
• Service cancellation alerts—The fraudster warns the victim that a subscription or service is about to be canceled due to a payment issue. The recipient is urged to click on a link to “resolve” the issue, which usually leads to a phishing page.
• Malicious app downloads – Scammers might send a text message promoting a supposedly useful or entertaining app. Clicking the download link in the message actually installs malicious software on your device.

Quishing

Quishing is a scam that uses fake QR codes to lure unsuspecting victims into visiting malicious websites or downloading harmful software. With people more comfortable using QR codes post-pandemic, quishing presents a significant risk. These scams also often bypass traditional security measures, such as email filters and antivirus software, making them particularly hard to detect.

Cybercriminals may embed malicious QR codes in various places, such as:

• Emails that appear to come from trusted sources.
• Physical locations like public advertisements or parking tickets.

When scanned, these codes redirect victims to phishing websites that prompt them to download malware. Quishing can lead to identity theft, unauthorized payments, and data breaches.

Common quishing tactics:

• Fake payment requests: Scammers may place fraudulent QR codes on invoices or parking tickets that request payment.
• Identity theft: Codes may lead to malicious login pages that capture your usernames and passwords to access your account information.
• Malware distribution: Some QR codes can initiate automatic downloads of harmful software onto a device. This can be used to steal sensitive information, damage a device, or spy on your internet activity.

Why the freight industry is a target for scammers

The freight industry is particularly vulnerable to these types of fraud for two reasons.

1. Big Payouts: These scams can be very profitable for criminals. If they can steal login information from carriers, brokers, or shippers, they can impersonate legitimate companies and steal payments made during transactions.
2. Fast-Paced Communication: Freight involves a lot of communication via email and text messages. This includes everything from updates on shipments to price negotiations and payments. People in the freight industry are used to this constant communication, which makes them more susceptible to clicking on malicious links or giving away information in phishing attempts. If you’re not careful, you can unsuspectingly click on a link or divulge information that could lead to an attack.

Watch out for these red flags

It’s difficult to tell a legitimate message from a scam, but there are red flags that should alert you that a message may be fraudulent.

Here are ways to identify suspicious emails or texts:

• Unusual Content: Be wary of any emails, text messages, or QR codes that seem out of place, irrelevant, unexpected, or unsolicited.
• Unknown Senders: Phishing and smishing messages tend to come from unknown senders (although scammers are very good at making the “sent from” look like a legitimate source). Be wary of messages from people or addresses you don’t recognize.
• Strange Requests: Be suspicious if a message offers something unexpected, asks for personal information you wouldn’t normally share, or seems demanding.
• Urgent Requests: Be wary of messages pushing you to respond quickly.

How to safely check email and text links

If an email or text seems suspicious, there are ways you can confirm legitimacy safely.

These are the best ways to check for emails and text links safely.

1. Hover over the email link or check the URL from a QR code to see if it reveals anything unusual. If it seems irregular or points you to a site that you’re not familiar with, beware, and err on the side of caution by not clicking on the link.
2. If the message is asking for personal information from you, your first line of defense is to be suspicious. Unknown sources that demand your personal information, passwords, or payment information should always be investigated with caution. If the message creates a sense of urgency or fear, it’s best to do your due diligence.
3. Watch for grammatical errors. Phishing and smishing messages often contain misspelled words or language irregularities, signaling that they originate from bad actors in other countries.

Security best practices

Phishing and smishing scams are a constant threat for carriers and brokers, but by following these steps, you can significantly reduce your risk of falling victim to one.

• Verify the sender’s identity before clicking links or opening attachments. Inspect the “from” address carefully for discrepancies or irregularities.
• Be cautious of unsolicited offers or prize notifications.
• Never share sensitive information through email or text.
• Report suspicious messages to your IT department or relevant authorities.
• Use strong passwords, multi-factor authentication, and enhanced security tools available to you.
• Validate the domain authenticity before clicking on any links or entering personal credentials. (For example, confirm you are visiting Truckstop.com and NOT info-truckstop.com or Truckstop.blog.)

If you suspect a cyber crime, report it to the Internet Crime Complaint Center, or IC3, the central hub for reporting these types of scams. It’s monitored by the FBI and contains educational resources on the latest and most threatening cyber scams.

Securing your business online and on the road

We’ve gone the extra mile to keep your business safe with our advanced security measures: identity verification and multi-factor authentication.

Identity verification validates the identity of anyone who attempts to log in on behalf of a carrier by matching their government-issued ID against a real-time selfie. MFA provides yet another layer of protection against potentially compromised credentials while enabling seamless access across Truckstop products.

Cybercriminals keep inventing new ways to trick people and steal their information. Here at Truckstop, we’ve got your back. We’re constantly developing new security features for the load board to fight fraudsters and keep your business safe. With Truckstop, you can focus on what matters most – running your business with confidence.